The latest sensation in the cybersecurity world hit on Friday of last week and it’s a big one. The wannacry virus. Essentially wannacry is a Trojan form of virus that triggers a ransomware attack on your computer. It demands a payment of $300 within 3 days in order to give you your files back that it has encrypted on your computer. It sounds serious and it is. In fact it is very serious, but not for the reasons you think and we will get into those in a minute. But first I do not want to belittle the effects a ransomware attack can have on your company. It can be bad.
But as bad as it is there are much worse things and that is the real problem. As of this writing there are numerous protections patches, fixes, updates, and antivirus programs out there that will protect you from the wannacry virus. But you have to use them, and sadly we don’t use them consistently.
So What Is The Problem
The wannacry virus is going to come and its going to go, and in its place will be wannacry version 2.0, 3.0, 4.0 etc. you get the picture. Then down the road there will be other viruses, Trojans, majware, hacks and attacks that you will need to defend against. But will you do it? Will you actually do something about your cybersecurity posture or will you just let this blow over and go back to what you were doing? Will you just say this is an IT problem and my IT guy will handle it?
Years ago I had a client that was a large organization and they had suffered numerous virus and malware attacks. They had been the victim of malicious hackers and other bad actors. We were invited in to assist them and we did. We came up with a series of solutions that was quick, effective and would essentially put them on a better security footing in a short period of time.
However, they did not implement our suggestions. Or they did not really do it. The minute we left they went back to business as usual. And a year later when I visited them they were still having multiple security problems and just limping along making it day by day. Do you see where the problem really is? I talked about this very issue in my article just last week. Don’t be the low hanging fruit. Don’t make yourself vulnerable to attack through your own negligence. Do something. You could talk to many cybersecurity professionals and they would have similar stories.
We are the problem. The wannacry virus is a piece of software that exploits the most vulnerable unreliable and poorly maintained machines we have. Any normal windows computer with a good antivirus and antimalware program that is allowed to update automatically would have been protected on the same day it supposedly came out which was Friday of last week. The systems that are getting exploited are the ones that do not have the latest updates. Or a system that does not have a current effective cybersecurity posture in place.
The list of actions to take coming out by the cybersecurity experts looks like a list extracted directly from my blog. Let’s take a look at some of them; run windows update, have the latest version of antivirus, make sure security appliances are up to date, back up key data, make sure incoming email is being scanned, conduct penetration tests. I could go on but it makes me “wannacry”. I talk about this until I am blue in the face, I speak publicly about it, I educate, I evangelize, and write extensively about it. I’m not saying I came up with all of these first but that the fix is in our reach and we can protect ourselves by following these time-tested practices using a little discipline and some leadership.
But so often it falls on deaf ears. People have greater priorities and are not so concerned about their own cybersecurity. And in the grand scheme of things wannacry virus is going to be a minor blip on the actual damage that could happen. But if the same vulnerable systems are hit by a truly damaging piece of malware or hack. That is going to be the real problem. And that is just a matter of time. Wannacry virus is not your problem. It is a symptom of a much bigger problem. It is a warning shot to everyone that was not hit. Start work today on your new cybersecurity posture. Because the bad guys are already working on the next wannacry.