On May 12th 2017, cyber criminals launched what is believed to be the biggest ransomware attack ever recorded. This ransomware outbreak, dubbed “WannaCry,” spread with unprecedented speed, taking down the systems of more than 100,000 organisations in over 100 countries—all within a span of 48 hours.
Although the magnitude of this attack surpasses all others of its nature, beneath its success and that of its counterparts lie the same prevailing issues: unmanaged risk and pending vulnerabilities. In this particular case, the vulnerability in question is widely attributed to unpatched Microsoft systems.
There is also a wider issue. As systems often reside within a business silo or line of business, the responsible stakeholders are often neither IT nor security experts, but rather those focused on their individual business targets. If these silos were to host these systems virtually in the cloud, organisations could then ensure that their mission-critical operations are always in the hands of experts. There’s a solid chance that this move can prevent future breaches on the scale of WannaCry.
The danger of unpatched, outdated systems
This latest ransomware onslaught is a resounding reminder of the importance of security basics, especially when it comes to Microsoft product patching. Security professionals have long stressed the importance of basic security hygiene, such as patching and backups. However, with the pace of change and the demands of agility in today’s environment, that advice is often deprioritised through complacency, with security updates perceived as both an inconvenience and an additional overhead for the business.
For example, a flaw in a file sharing protocol of the Microsoft Windows Operating System contributed fundamentally to the scale of this attack, and this could have been very easily avoided. Those who applied critical Microsoft Windows patches released in March were protected against this exploit. Those who didn’t were left at risk.
The sheer scale of this attack shines a light on just how many organisations have outdated, unpatched systems and acts as a wake-up call to business and IT professionals to guard against future instances. Arguably, the impact of WannaCry could have been significantly reduced had critical Microsoft Windows patches been applied in time throughout organisational networks. This brings us back to the point that, with systems managed in the cloud, patches and updates are often applied automatically following extensive testing, thereby removing this potential vulnerability.
Safety in numbers
Beyond automatic patching, hosting systems in the cloud also provides exponential scale in terms of monitoring and threat detection. Through continuous, centralised monitoring in the cloud, security incidents are quickly detected and managed. Providing this level of security at the outset and on a proactive basis as opposed to reactively means that any issues or intrusions detected are given immediate attention by the right experts, who can take action for every potential piece of data exposure, whether pertaining to individual customer or organisational data. This extends to malware prevention, including ransomware such as WannaCry.
The depth of data available is key here. IBM, for example, has the largest database of known security threats, with 8,000 security experts monitoring more than 270 million endpoints and 20 billion incidents daily in 133 countries. Conversely, many businesses are working in the dark, not even aware they have been breached until it is too late and the damage has already been done. By using a managed cloud provider that has security expertise and access to all of the latest data, brands can ensure that any kind of incident will be managed immediately by a dedicated incident manager.
Backup to stay up
Maintaining full visibility of data residency and ensuring regular data back-up routines are two practices that are critical to sound security hygiene. These back-ups must be kept secure rather than constantly connected or mapped to the live network. They must also be tested periodically to verify their integrity and value in case of emergency.
Whether organisations have chosen an on-premise, off-premise or hybrid solution, vendors must ensure timely, secure back-ups and disaster recovery. Businesses may even opt to back up their data across data centres in different regions, ensuring that if one region is affected there is still continuity. Through perimeter security in a hybrid solution, businesses can also ensure that an issue or incident will not be transferred from public to private environments.
Beware of ‘weak links’
Finally, it is well known in the industry that one of the most volatile security vulnerabilities in an organisation is its people. Identity and access management (i.e. the knowledge of who has access to what, and where) is therefore absolutely crucial. Cloud identity management, often now known as ‘Identity as a Service’, is a practice businesses must employ to maintain complete control over this, minimising the insider threat and ensuring that there are no weak links in the chain.
That being said, humans are not the only weak link. Hardware can also prove to be vulnerable. This trend is beginning to shift with the advent of bare metal cloud servers, allowing businesses to have confidence that security is baked in at microchip level. With hardware monitoring and security controls, businesses can be assured that workloads are only being run on trusted hardware. This provides an essential level of confidence and compliance certification.
Prepare for the inevitable
Ultimately, brands cannot afford to be complacent when it comes to security, especially as GDPR enforcement, coming next year, brings with it the prospect of hefty fines in cases of data breaches and data accountability. Surveys show that for some brands, these fines hold the potential to shut down operations altogether. Although unique in scale, security incidents are a growing force and WannaCry won’t be the last global attack we see. In fact, these incidents hold the potential to become even more frequent and devastating in their impact as our economy and workforce become more reliant on digital means. Many businesses do not have the capacity or expertise to take full responsibility for their data security. In many cases, a more effective cloud strategy will place organisations in a stronger position to avoid falling victim to the next generation of WannaCry campaigns.
Helen Kelisky, VP Cloud UKI, IBM