It gives us no pleasure to say this, but on a Cybercrime course we ran in Scotland only three weeks ago we suggested that basic precautions against cyberattacks, such as keeping patches bang up to date, were often lacking in some of the organisations that we’ve worked with. The rationale was often the need to wait to be certain that a new patch is not going to cause operational disruption or cause existing software to be rejected.
The WannaCry ransomware worm has highlighted just how vulnerable organisations, even relatively well secured organisations, can be.
It’s as if we live in a world where it becomes a case of ‘when’ rather than ‘will’ we be infiltrated by a third party.
There is no perfect solution but these four things are vital:
- Have a trusted backup, that can be used to restore systems after a successful attack;
- Install all patches related to malware or malware attacks as soon as decently possible;
- Don’t run any software that patches are not available for or are not committed to by the vendor;
- Keep all anti-malware services up to date.
In spite of all these precautions ensure that should you become a victim that you have an up to date incident management plan and portfolio of agreed incident management actions.
See Kaspersky Labs real time Cyber Threat model https://cybermap.kaspersky.com/ to get a view of what is going on around the world at this moment in time.
Regards, the team at Mindgrove.