Logicalis is warning local businesses to check systems are up to date, and ensure staff are properly trained, before cyber criminals prepare the next wave of malware.
Over one weekend, the WannaCry virus has affected over 200,000 computers in 150 countries around the world, according to Europol. Organisations include healthcare providers, transport companies, distribution firms, universities, and governments, everywhere from Russia to China, the US and the UK.
James Gillies, Technical Consultant, Logicalis, said: “Malware like this is designed to exploit vulnerabilities in a system, spreading rapidly through networks. Older systems that are no longer fully serviced with updates may be more vulnerable.
“The mass-exploitation of vulnerable operating systems such as Windows XP was an ever-increasing risk and this weekend’s events have even been described as a ‘Wake Up call’ by Microsoft.”
Malware is on the rise, with damages from ransomware costing businesses an estimated $1.2 billion a year. The payment demands from WannaCry alone are so far $230 million, before you even consider the cost of damages.
When trying to avoid becoming a victim of cybercrime, Logicalis recommends three key layers of defence: Patching and next generation virus technologies; 24/7 security monitoring by a Security Operation Centre; and Security Awareness Training to help staff learn how to deal with fraudulent emails and social engineering.
James said: “Cybersecurity is a journey, not a destination, and there is no silver bullet. However, businesses need to develop a security mindset and work with trusted advisors if they are going to improve their chances of not becoming a victim of cybercrime.
“Keeping your system up to date with next generation virus technology and applying patches to protect software against vulnerabilities is the first step. Monitoring your systems 24/7 to identify breaches when they occur, so you can minimize the damage, is the next.
“According to KnowBe4, 3% of exploits attack the vulnerabilities in a system, but 97% of exploits attack the human via social engineering. With people still the weakest link, regular training programs, backed up with simulated phishing attacks to gauge staff responses to such attacks, are probably the most important way to protect your business.”