On Friday 12th May, the largest ransomware attack in internet history rippled across the globe. The WannaCry malware struck more than 200,000 machines in 150 countries in a matter of days. The malware locks users’ files and demands $300 (£230) to regain access. By Monday 15th May approximately $50,000 worth of bitcoin payments had been made to the hackers.
The UK’s National Health Service (NHS) was one of many victims and was left vulnerable following a reliance on Windows XP. Some reports state 90% of NHS trusts run at least one Windows XP machine. WannaCry infiltrated computers, telephone lines, MRI scanners, blood-storage refrigerators and theatre equipment. The general public were turned away from A&E, patients awaiting vital surgery were left in limbo, surgeons communicated via mobile phones and x-rays were transported via CD’s – disaster had struck.
The WannaCry attack is a worldwide wake-up call and a reminder of how important it is to get basic online security right.
This is, of course, easier said than done. As the digital revolution unfolds, the NHS and many other businesses are becoming increasingly reliant on internet connected devices. It is far easier for IT teams to remember to renew security software on computers, however, what about the fleet of MRI scanners with smart internet functionality? Each and every device that is connected to the internet needs to be protected against the threat of a cyberattack.
With 38 billion IoT devices expected to be in the world by 2020, the issue will become even more critical. There have been a number of large-scale attacks against IoT devices such as CCTV cameras, smart televisions and home automation systems. These attacks have transformed the devices into ‘botnets’ capable of launching Dedicated Denial of Service (DDoS) cyber-attacks. In some cases, consumers are totally unaware that devices have been corrupted.
In coming weeks, the focus will undoubtedly remain on who instigated the attack. However, businesses should treat this as an opportunity to reassess their cybersecurity processes. It is almost impossible to predict when an attack will occur, so it is more important than ever that businesses have the software in place to protect assets and manage the aftermath.