TECH EXCHANGE | A ZDNet Multiplexer Blog What's this?

Remember the Essential Eight so you won't WannaCry

Security basics are your best bet.

The lessons were immediately clear for the close to one million Gmail users who fell victim to a phishing attack in May, that compromised email accounts -- watch out for suspicious email and avoid clicking dodgy links.

It was far less clear when that same month the WannaCry ransomware ripped through organisations around the world, locking up computers unless a ransom was paid.

Phishing was not to blame for at least the majority of WannaCry infections, which occurred when the malware spread over vulnerable instances of the Windows Server Message Block SMB) file sharing protocol. Nor was clicking on dodgy links.

In fact no action was required by an end user to be infected.

WannaCry exploited a vulnerability in Windows SMB spreading to unpatched devices that were directly connected to the internet.

Infected machines formed a beachhead from where the malware could spread to devices behind firewalls.

The ransomware hit the ground running, spreading to tens of thousands of machines across Asia and Europe and generating headlines in dozens of major newspapers.

While the headlines were new, the security lessons of WannaCry were not.

The lessons centred on fundamental security best practice, for system administrators to get back to security basics: expedite applying available patches, and harden networks in line with security best practice.

Those lessons should not stop there, however. As organisations review their WannaCry incident response, it serves as a good reminder to review broader security strategies that could help mitigate or limit exposure to threats yet to emerge.

Administrators should cast an eye to the Australian Signals Directorate's Essential Eight to review their state of security. Are critical vulnerabilities patched? Do application white lists exist? Are user administrative credentials limited? What about Microsoft Office Macros?

And of course, ensuring critical data is backed up is crucial to limiting impact from ransomware.

Organisations should also be aware of the excellent Computer Emergency Response Teams (CERT) operating in various countries who are often quick to update the public on security matters. CERT Australia and New Zealand's CERT NZ were among the first to publish useful guidance on WannaCry.

These are some of the most pressing security considerations that when met will go far to elevate the cost to attackers in targeting your organisation, to limit the damage done in any successful attack, and reduce your exposure to the next WannaCry.

For more security go to Telstra Exchange.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All