
We are all vulnerable

How’s your cyber security vigilance? 

Cyber risks are on the increase, and will continue to increase for the foreseeable future.

17.5.2017

Last weekend we saw a massive global malware attack. The ransomware nicknamed WannaCry seeks to hijack victims’ computers and encrypt their files, and it has hit many companies and public services all over the world. What the weekend once again showed is that we are indeed all vulnerable. The question now is: what can we do about it?

Cryptoviruses are not a new threat, nor are the ways to mitigate their impact. What this attack does confirm, yet again, is that cyber risks are on the increase and will continue to increase for the foreseeable future.

Below you will find some comments from our Deloitte Cyber team that may help your organization deal with this, but the only way to win this war in the long term is to implement a proactive cyber strategy that has Board and Exco oversight. Attempting to "react" is costly and unproductive unless it is built into your cyber strategy. Cyber risk is not just an IT risk, and until businesses view it as a dangerous business risk, the cyber attackers will always win.

So what do you do? Take a long-term business view, and gear up your organization to be secure, vigilant and resilient.

It is reported that at least 200 000 systems, big and small, have been infected in 150 countries worldwide. The latest reports from Monday 15 May indicate that in China alone 40 000 organizations are affected. The situation in Finland is currently very good, as the numbers are down to a few dozen.

What you should consider doing to keep the numbers low:

1.    Your IT systems must be patched against the vulnerability that makes the infection possible. The patch is Microsoft’s MS17-010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx). If patching is impossible, ask your IT teams to put other mitigation tactics in place. See below for further advice.

2.    Raise awareness. Ensure that everyone in your organization knows NOT to open any suspicious email attachments or links. Some reports also warn about malicious advertisements on websites.

3.    Your IT department might benefit from this summary by the SANS organization of what WannaCry is and how to mitigate the risk: https://isc.sans.edu/presentations/WannaCry.ppt

In case your organization is affected:

1.   Don’t be tempted to pay the ransom to the criminals. It is highly possible that, due to the massive publicity surrounding this particular malware, the criminals are afraid to publish any keys that would actually release the encrypted files.

2.   Isolate the systems from the rest of the network to stop the malware from spreading, and run antivirus software to clean the affected machines.

3.   The best way to recover is to completely reinstall the operating system and restore the files from backups.

Deloitte’s cyber division helps organizations develop their vigilance. The aim is to get advance warning of serious threats or to find the culprits in your cyber systems. We also help organizations become resilient and keep the business operating even during effective cyber campaigns.

Would you like to know more? Please contact us!

Karthi Pillay
Cyber Partner, Finland
+358 (0)50 301 3754
karthi.pillay@deloitte.fi

Tero Mellin
Cyber Leader, Finland
+358 (0)50 358 0316
tero.mellin@deloitte.fi
