WannaCry: four cybersecurity lessons for businesses

By: James Blake

Date: 28 May 2019

It was May 12, 2017, when the first victims of the ransomware cryptoworm realised something was wrong.

Rather than their home screen, they saw a red box with a countdown timer on the left, a large text box in the middle and a Bitcoin wallet address at the bottom, where you were instructed to send $300 worth of the currency. If you didn’t? Your files, which were now locked behind tight encryption, would be destroyed.

Businesses large and small scrambled to respond. Many had dozens, hundreds or thousands of computers on the same network, exhibiting the same terrifying warning. Hundreds of millions of pounds of data and work would be lost instantly if payment wasn’t made. The attack became known as ‘WannaCry’.

It wasn’t just businesses that found themselves at the mercy of the worm; the NHS and the United States’ National Security Agency also fell victim.

Exploiting vulnerabilities

The attack was made possible by vulnerabilities in Microsoft’s then 15-year-old operating system, Windows XP. Support for the operating system had already ended in 2014, and Microsoft had urged businesses and customers to upgrade to newer Windows versions to limit their vulnerability to attacks.

Needless to say, those warnings often fell on deaf ears. Although WannaCry was eventually overcome by cybersecurity experts, over 300,000 computers were infected, wreaking havoc and costing the NHS roughly £92 million. Many individuals and businesses simply paid the hackers, afraid that they might lose their valuable files.

The real tragedy, however, was just how easily avoidable WannaCry was. Rather than some work of supreme hacking genius, cracking open modern and sophisticated software, WannaCry was an opportunistic infection, preying on deeply flawed cybersecurity planning.

Four lessons learned

WannaCry is now dead, but there will almost certainly be similar attacks in the future. Here’s how to avoid them without breaking the bank.

1. Never use deprecated software

If crucial software is no longer being supported by the developer, do not use it. A large part of the value proposition for software like Windows is the thousands of developers working tirelessly to patch any holes in its security. They do it so you don’t have to - just remember to always update to the latest version.

2. Secure your internet connection

Web-based hacking attempts are growing more common and more sophisticated by the day. Utilise a Virtual Private Network (VPN) to secure your internet connection.

Whether you’re sharing files between offices or connecting to your office computers from outside work, the SaferVPN review on VPNbase suggests that its 256-bit encryption is up to the task.

3. Be mindful of phishing attempts

‘Phishing’ is the art of creating emails which resemble legitimate communication, but are actually cleverly disguised attempts to steal your security credentials. With those, hackers can easily enter your system and infect your hardware. Total vigilance is required.

4. Invest in good quality anti-virus software

Anti-virus software has come a long way in the last decade, so don’t ignore it. Read reviews and find good quality business-focused anti-virus and anti-malware software.

Many products aimed at small and medium businesses even have dedicated support teams - something that can prove vital when you don’t have a dedicated IT team.

By deploying these four simple and affordable cybersecurity tactics, you can dramatically decrease your chances of falling victim to an attack.

Copyright © 2019 Article was written by James Blake