Many of you will be familiar with the story of the Dutch boy who plugged a tiny leak in the dyke with his finger. Passers-by raised the alarm and help came in the form of those who could fix the hole and avoid a disaster.
We can easily relate this to the recent, well-publicised ransomware cyber-attack which caught out several large organisations across the world. One harsh reality is that Microsoft released a patch in March which closed the ‘hole’ subsequently exploited so widely in May. The reasons organisations, particularly larger companies, may postpone updates are many and varied but one can’t get away from the reality of how different things would have been had this particular patch been installed. Some organisations are also ‘forced’ into running various legacy systems which increases the chances of points of weakness in a network – the risks are evident.
What of those who came to help the boy with his finger keeping back the ocean? Many returned to work on 15th May with a heightened awareness regarding the potential vulnerability of IT platforms. This was all well and good so long as the follow-up help was genuine. Alas, we had a perfect storm in which writers of malicious code could exploit further opportunities under the guise of advice or solutions: emails or websites purporting to offer patch fixes or scan tools which only created more holes. Amongst the confusion there are documented examples of genuine advice being dismissed as possibly fraudulent.
So should we keep relying on small boys to plug the holes or build better dykes? I’m stretching the analogy now but the point I wish to make is that there isn’t one single, easy-fit solution. The protection available comes from the cumulative effect of various devices, software and best practice which together help make the network a safer environment.
- Anti-virus software – ensure appropriate, commercial software is installed. Users of our preferred anti-virus solution ESET were protected from the WannaCry threat and its variants.
- Firewalls – devices should be up to date and all external access limited as far as possible.
- Passwords – users and devices should be covered by an appropriate password policy.
- Users – our final (or first – arguments for either) line of defence remains the person in the chair. Interaction with email content, internet use, choices of password, etc. remain a point at which the network is vulnerable.
Within our May Contain Nuts section you will find articles which cover topics such as good password practice and how to approach emails with scepticism and vigilance. We have also outlined the importance of a tried and tested backup procedure as an essential part of business continuity.
This may be an ideal time to have your network reassessed to ensure that all operating systems are up to date, password policies are appropriate and enforced, users have access to appropriate guidance on usage, and all available tools are in place. Please do contact us if you wish to discuss any of these issues.