Unless you’ve been living under a rock for the last 48 hours, you have no doubt heard of the massive “cyber attack” which has hit the UK and other countries around the world
– most prominently affecting the NHS, but also inflicting millions of pounds of damage to UK businesses, organisations and individuals.
Here we hope to give you some background information, explain a little better – or at least more accurately - than the mainstream media and provide you with some valuable information and useful tips for protecting your business.
What does it all mean – what really happened ?
Starting some time early on Friday, reports began to surface of a large scale cyber attack which it later became clear was a new type of “crypto” infection or virus spreading rapidly throughout the UK.
This new “virus” and its variants have been called “WannaCry”
Whilst initial reports were focussed on the NHS as the most high profile victim, more than 230,000 businesses and computers are thought to have been affected around the world in less than 24 hours; this doesn’t appear to be an attack specifically targeted at the NHS as some media reports might suggest.
Whilst all the facts are not yet clear, we would advise caution before believing everything you might hear in the mainstream media (but when isn't that the case anyway!). For example – calling this an “attack” now feels slightly misleading. In many ways this is “just another virus” – it does not appear to be in anyway discriminatory in who it affects, nor specifically targeted at any specific business or organisation.
“Crypto” infections have been one of the most successful and prevalent forms of cyber attack or virus over the past 18 months. When your machine is infected, the ‘virus’ or malicious programme scans your computer and any network drives you might have access to and encrypts – locking you out of - any data that it finds. Cyber criminals have netted hundreds of millions of dollars selling the encryption key – or password – back to the affected individuals and businesses to unlock and regain access to their own data.
In this particular case, a known security flaw or ‘vulnerability’ in the Microsoft Windows Operating System has been used by the virus’ creators – allowing the virus to infect vulnerable computers remotely i.e. without needing a user to inadvertently run the virus on each infected computer as is more often the case.
What does it all mean to me?
At best, the significant speed and scale that this ‘attack’ has achieved should serve as a timely and stark reminder of the severity of risk we all face from cyber crime.
We cannot afford, as individuals and especially as businesses, to rest on our laurels or to put our head in the sand and take an “it won’t happen to me” approach to securing our business and our data. Unfortunately, this is an approach we see all too often!
- If you haven’t reviewed your cyber security recently, take this as the kick up the proverbial you may have needed and speak to your trusted experts – be that an internal IT team or external provider – quickly and carry out a full review of your cyber security defences and processes. For Vital customers, speak to your account manager and we will happily conduct a full security review at no cost.
- Do not delegate responsibility for your cyber-security – whilst you no doubt need technical expertise and guidance, the ultimate responsibility for ensuring a business is suitably protected from such a significant risk should be a board level concern in every business.
- Ensure you have a system, policy or service in place that at the very least addresses the key “what should I do” points below on an on-going, proactively managed basis. Ask yourself – what else could we do? Effective security is achieved only through a multi-layered approach and there is always more that could be done.
- Make sure that your staff are aware of their responsibilities for taking your security seriously – provide training and the resources necessary to ensure your staff understand their role in maintaining a secure IT system.
- Consider verifying and validating your approach to cyber security by achieving the government-backed “Cyber Essentials” scheme certification.
Backup, Backup, BACKUP. Ultimately, despite all the expertise, systems and investment available to even the largest organisations the nature of the Internet today means that no business can ever be 100% secure against the ever changing risks they face from cyber crime and cyber security threats. This means it is imperative that you have a rigorous backup, business continuity and disaster recovery plan - and that this includes regular, reliable, tested backups of your company data that, should the worst happen, would allow you to retrieve your data and continue your business. If you don't have 100% confidence that you could recover your systems and data in the event that you fell victim to such an incident, take the opportunity to conduct a full review of your backup, DR and business continuity provision
What can I do - or what should I do – to protect myself?
In this case, the virus causing the damage has specifically targeted a known weakness in the Microsoft Windows operating system.
The good news is, that this is not a “new” vulnerability, and it was addressed by Microsoft through routine updates back in March. If you have this patch installed you should be safe from this particular virus and its current variants.
The bad news is, if you are not installing updates reliably and regularly – or even worse, as in the NHS’ case, you are running an unsupported (out of date) operating system version such as Windows XP – updates are no longer released for these systems and you are vulnerable and exposed.
Follow the below important and fundamental security steps to mitigate the risk;
- Ensure you have the latest Microsoft Updates installed on your computers
- If you are running any Windows XP, Windows Server 2003 or Windows 8 computers – which you should not be! – visit Microsoft’s website and download the patch they have provided as an exception for these unsupported systems
- If you are running those systems without a really, really good reason – turn those computers off immediately. Get rid of them. Replace them this week. This should be the reminder were it needed of the importance of getting this done
- Ensure you have a capable and reliable anti-virus system in place and that this is up to date. Do not assume that having anti-virus in place alone means you are safe – it does not! It is an important component in your cyber security defences but is almost worthless on its own
- The virus has gained a foothold into networks in most cases through malicious email attachments and what are known as ‘drive by’ downloads from compromised websites. The affected computer is then used as a ‘beachhead’, allowing the virus to propagate to other vulnerable computers on the network without any user interaction
- As IT professionals, we tell customers, friends and contacts until we are blue in the face about the risk you run opening unexpected and unusual email attachments – unfortunately the “it won’t happen to me” mindset and curiosity of the recipient means this advice still falls on deaf ears in many cases! Please, let us absolutely stress again the important that you do not open email attachments unless you can be 100% certain that they are safe, legitimate and expected
- You have not received a tax return, missed a delivery, received an invoice or anything of the sort – these emails can look quite legitimate but unless you were expecting it – DO NOT OPEN IT. Check with your IT or IT Security advisors first – it is (much) better safe than sorry
How is Vital working to protect and secure our customers?
Vital customer’s on our fully managed support packages can rest assured we are doing everything we can to ensure that our customers are protected from this latest high profile threat.
Fortunately, many of the systems and procedures we have in place mean that our customers are in a very strong position – but just as we have stressed the importance that businesses do not make any assumptions, neither are we – and below are some of the steps we are taking;
- We are already managing your Windows Updates as part of our service, and the important update should already be installed on your computers. We manage thousands of computers and whilst we work hard and proactively to address installation failures on a regular basis, we cannot guarantee that a specific update has been installed to all computers at a given time – computers can be switched off, updates can fail to install successfully etc
- We have been working hard over the weekend to report and review through our patch management system any computers which are missing the relevant update and will be taking steps to force the manual installation of this update as soon as possible. This may mean we have to reboot your computers and/or servers and we will be doing this as and when required. We appreciate your understanding in this regard
- If you have any Windows XP or Windows 2003 computers, we have undoubtedly talked to you about the importance of retiring these as soon as possible. We’ll be reviewing our supported estate again and contacting customers to re-stress the importance and agree how to retire these systems as quickly as possible. In the mean time, we are developing a script to install the manual update that Microsoft have released to these systems
- Whilst this case focuses on a Microsoft Windows vulnerability, many similar infections take advantage of vulnerabilities in 3rd party applications such as Google Chrome, Adobe Reader etc. We are pleased to be one of the few Yorkshire IT Support Providers whose service includes and deploys updates for a wide range of common such applications, not just Microsoft updates
- We use the comprehensive, cloud-based Webroot anti-virus system. Whilst no anti-virus system alone can protect you from these threats – Webroot’s architecture and use of a “cloud” based, always-up-to-date scanning engine, means that we can be confident that all our protected endpoints have the most up to date and best protection in this regard possible, benefiting in real-time as Webroot’s own experts develop and enhance their protection against this virus. If you are not using our supported Webroot platform, or you are not sure – please speak to your account manager to discuss how we can migrate you as soon as possible
- Microsoft have gone to extraordinary lengths to combat and mitigate the risk from this particular attack, and for customers using Microsoft Office 365 for email you benefit from this expertise and resource in real time. Microsoft are constantly working to combat the threat and have been pushing regular updates to their security engine to block these threats from reaching their customers. We have been recommending and facilitating the migration to Office 365 for many years and this reflects one of the benefits of using a cloud based platform
- In many cases we have implemented an email attachment filter to block ZIP files due to previous security issues and the prevalence of these file types as a means of delivery of malicious software. We have had a number of discussions with customers about the potential inconvenience of this – which we absolutely understand! The high-profile nature of this incident will hopefully serve as a reminder and reinforce the validity of our approach in this regard – we really are doing these things with the best of intentions and our client’s security as our top priority!
- We continue to constantly review and investigate opportunities for us to strengthen our portfolio of security services and processes - be these ‘core’ offerings such as our Webroot security to “optional” managed security services we offer to provide our customers with additional layers of security. Your account manager or technical account manager will be in touch throughout the week if we feel that there are appropriate or suitable opportunities or recommendations to improve your security
All Vital customers benefit from our proactive, automated backup monitoring to ensure that the backup system you have in place is working on a daily basis and that any errors are resolved by our technical team. We support a wide range of backup solutions and applications across our customer base with varying strengths and weaknesses - i you have not talked to your account manager recently about your current backup and continuity provision, now is the perfect time. We have a range of backup, DR and business continuity solutions available to our customers and this may by the ideal time to review and ensure what is in place would truly meet the demands of your business should the worst happen - if you're using basic built in server backup for example, we have a number of cost effective solutions that could significantly reduce your exposure to data loss, drastically reduce the time it would take to get you back up and running in the event of a breach - or both
For peace of mind, you can make contact with one of our security specialists below: