Over the last week the WannaCry ransomware was released and spread to over 200,000 computers in over 100 countries throughout the world. Following WannaCry, a new attack called Adylkuzz has crippled over 150,000 computers. Both attacks exploit a vulnerability in Microsoft operating systems that are no longer being supported, even though Microsoft did release a patch in March to protect against an attack. Also this week, a hacking group called Shadow Brokers posted an internet message saying it would release a new trove of cyber-attack tools next month.
Even if your business was not impacted by these attacks, they should be sounding loud warning bells in your organization. Let’s consider the following:
- How prepared are you for the next attack? While attacks such as these have been released for years, they are indicative of a drastic increase in ransomware over the last year. Do you have a response plan in place? Are you conducting exercises to measure your response and how effective your plan is?
- Are you running any legacy software that is no longer being supported? Many companies have some version of legacy software to power a portion of their business. Have you identified vulnerabilities in this software? How up to date are you in installing patches and updates? Are unpatched computers connected to your network?
- Do you have a plan in place if you are no longer able to access third-party vendors that your business relies upon? For example, if you are a manufacturer and rely on a product or material obtained through a third party, what happens to your business if that vendor is not able to fill orders due to a cyber attack?
- Are you conducting regular training of employees to identify phishing emails? We know that malware and viruses are delivered when a user clicks on a link in either an email or an internet site. Do you have a corporate culture that makes cyber security a priority for everyone in the organization?
If your emergency response plan hasn’t been updated to incorporate a cyber attack, now is the time for action. Also, if you have not purchased cyber insurance, the coverage, proactive risk management tools, and response services could be a lifeline for your business.