Learning from a cyber attack

New research also reveals that two thirds of UK businesses have no official ransomware policy to guide employees in the event of an attack.

Organisations must protect and educate their users, says Tankard

There are many reasons organisations do not follow the latest software releases but what seems to constantly fail, is the “thought process” around protecting what you have, warns Colin Tankard, managing director of data security company, Digital Pathways.

Tankard explains that in the most recent cyber attack that affected the UK’s NHS as well as organisations around the world, the malware was delivered through spear-fishing emails which, when opened, triggered a cyber-contagion on the internal network.

Being a hybrid design it had a worm element, allowing it to spread through internal systems for maximum reach and effect. “What was interesting is that the infected system’s settings were scanned to work out the user’s language, then displayed the ransom demand in the correct language for the victim. It also changed the desktop backdrop in order to ‘grab’ the victim’s attention – no subtlety there,” he says.

“From reports it seems the fix was published back in March but, as with many patches, some organisations were slow to update. However, this malware also attacked older Windows operating systems which Microsoft had removed support of years ago, and are no longer supported. This is why the NHS was so affected.”

Read full article Here