You only live twice

2017 a year of destructive malware

Blog: Tero Mellin

28.12.2017 – Is your organization’s vulnerability patching process up to date? If not, I hope your backups are solid and the terms Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are not unfamiliar to your cyber security team. Two cases of widespread ransomware earlier in 2017, WannaCry and NotPetya, were grim wake-up calls and examples of how a seemingly innocent lapse in your organization’s patching process might end up making a deep dent in your quarterly business report.

OK, I’ll give you this: WannaCry caught many of us by surprise, including us cyber defence guys, though there will be many professionals who feel tempted to say “I told you so”. But hindsight aside, the fact is that WannaCry was able to spread like wildfire. The root cause was pretty much that organizations were not fast enough to patch their systems for a well-known vulnerability. “Fast” is a relative term; here, not fast enough means not patched within a few months. NotPetya followed WannaCry about a month later, and it was far more destructive.

So, what should we learn?

Patch your systems. Yes. But that is easier said than done. Large organizations are not ignorant. But sometimes their IT processes are put under tremendous pressure, where downtime even for a simple reboot of a system is not possible. This is particularly true of industrial-scale patching processes in Operational Technology.

One thing we should learn is to ensure our operations allow for the necessary downtime for normal IT maintenance. Another is to ensure we have failsafe systems in place. I heard a story about a global service business running a script that randomly kicks a server or two down, just to test that they are prepared for any unavoidable kinks in their systems. In many cases we don’t need such scripts, as the systems are prone to fail by themselves anyway. In the worst case, it is deliberately destructive ransomware that forces us to run patches and vulnerability updates, once we’ve first recovered everything from backups.

Speaking of backups

If your files become encrypted or otherwise unavailable, do you have your processes tuned so well that you can minimize the downtime and be sure that nothing truly critical is lost? For the second time or, in the worst case, for life?

My job is to help you and your organization live twice. Let’s build your cyber strategy. Ensure you are equipped to be secure, become vigilant enough to identify what mishaps might be ongoing in your environment, and plan your business to be resilient enough to survive.

Tero Mellin
Cyber Security service line leader
Deloitte Finland
