Software that makes you WannaCry – The importance of cyber security

Last month more than 200,000 computers in 150 countries were infected during the WannaCry ransomware attack, including the systems of a number of NHS trusts.

This cyber-attack caused mass hysteria and crippled a number of businesses and organisations – often highlighting the vulnerability of some of the world’s largest IT systems.

Through their actions the hackers are believed to have extorted just £60,000 worth of bitcoins, but the damage caused by the disruption was far, far greater, with some patients having operations and appointments cancelled and some corporate data being lost forever.

The issue at the heart of the WannaCry attack was where older systems, such as Windows XP, had become vulnerable after Microsoft reduced its official support.

This being said, Microsoft did issue a patch for the vulnerability in its older Windows operating systems in March, but it is thought that in many organisations this wasn’t implemented or that some organisations simply weren’t aware of the update.

But how significant is the risk from ransomware and similar programmes for the average business user?

Ransomware attacks currently account for around 72 per cent of incidents in the healthcare industry, according to the Verizon Data Breach Investigations Report 2017 and overall, across all sectors there has been a 50 per cent rise in ransomware incidents reported in the last 12 months.

Those most affected are those that are reliant on old versions of Windows, in some cases because the machinery or technology used can’t be easily upgraded. It is thought that many businesses may have points of vulnerability such as this, which leaves them open to larger attacks across their network.

In light of the recent attack, a number of cyber security experts have said data breaches and cyber-attacks are inevitable these days and that as well as keeping antivirus, firewall, application and OS software up-to-date, backing up key data regularly to offline hard drives should be a top priority – regardless of the business’ size.

The average cost of a data breach globally stands at £3.1 million, while the Federation of Small Businesses (FSB) has said that the average cybercrime violation costs a small company £3,000 and takes 2.2 days to recover from.

Its own data shows that around seven million cybercrimes are perpetrated against small to medium-sized enterprises in the UK every year, which equates to around 19,000 attacks a day.

Dave Stallon, commercial director at FSB, said: “We are raising the alarm. It is vital small businesses and the self-employed prioritise this – and they do it today.

“These businesses have limited resources, time and expertise to deal with the current and growing cybercrime threat but there is assistance available.”

Mike Cherry, FSB chairman, added: “We are urging all small businesses to take steps to reduce the risk of an attack.

“Businesses should immediately check for updates to their operating systems and anti-malware software and download them where needed.

“We advise small firms to make sure their data is backed up – if the worst happens, data cannot then be held to ransom.”

Link: FSB research into ransomware attacks