What is WannaCry?

The malware is delivered as a Trojan through a loaded hyperlink that a victim can accidentally open through an email, an advert on a web page or a Dropbox link. Once it has been activated, the program spreads through the computer and locks all the files with the same encryption used for instant messages. Once the files have been encrypted, it deletes the originals and delivers a ransom note in the form of a readme file. It also changes the victim’s wallpaper to a message demanding payment to return the files.

Cybersecurity is the topic of the moment in light of the weekend’s cyber-attack, which seriously affected the NHS. In England, 47 NHS trusts reported problems at hospitals, and 13 NHS organisations in Scotland were affected by the ransomware known as WannaCry or Wanna Decryptor, placing the highly confidential medical information of numerous patients at risk. The ransomware locks patient files, which can only be accessed by paying $300 (approximately €273) in bitcoins.

Who does it affect?

The NHS was not the only organisation attacked: the ransomware has gone global and spread to Renault, FedEx and even the Russian Interior Ministry. Due to the nature of the information held by the NHS, it is arguably the most important and most worrying attack. Medical information can be worth ten times more than financial information on the deep web. Fraudsters can use this data to create fake IDs to buy medical equipment or drugs, or combine a patient number with a false provider number and file fictional claims with insurers. As a new working week begins, further disruption is to be expected, not only for the NHS but for any company holding valuable or personal data on clients, employees or otherwise. It is therefore important to learn from mistakes and protect yourself and your company from a similar cyber attack.

How Can I Protect Myself?

Unfortunately, unless you go offline, there is no guaranteed way to prevent such attacks. However, best practice and the controls outlined in established security frameworks like ISO 27001 and Cyber Essentials can greatly diminish the chances of occurrence. The recent cyber attack took advantage of a security vulnerability in unpatched Microsoft operating systems and in exposed, outdated Windows XP systems, which were insufficiently protected against newer malware such as WannaCry. It is therefore important to update systems regularly and install patches between full software releases, and these systems should be securely configured with strong passwords. Core files need to be backed up frequently, as you cannot be held to ransom for data you hold elsewhere. Along with secure technical controls, staff should be aware of such cybersecurity risks and know how to proceed quickly upon realising that something is wrong.

All organisations should learn from this attack and act now to improve their cybersecurity standards. A cyber attack like this can inflict a massive reputational and financial blow to a company, so an investment such as Cyber Essentials and ISO 27001 is more worthwhile than ever. We offer both services here at Certification Europe, for companies of all sizes. Contact our team today to find out more about management systems like ISO 27001 and Cyber Essentials that allow your organisation to significantly reduce the chances of having a data breach.

Robert Lyons