4 Lessons Learned from the WannaCry Ransomware Attack
Earlier this month, hundreds of thousands of internet users were brought to their knees by a large-scale ransomware assault dubbed WannaCry.
17:13 21 June 2017
It affected computers at hospitals, universities and even telecommunications companies, all around the world, spreading like wildfire in the span of a few days.
Interestingly enough, it turns out that the National Security Agency (NSA) knew about the vulnerability in Microsoft's Windows software that made the takeover by WannaCry possible. But instead of notifying Microsoft so that the issue could be rectified before a security breach, the NSA opted to keep quiet so that it could use this vulnerability against any enemies of the state, if that were to become necessary.
Yet, in the chaotic aftermath of this security breach, it is obvious that was not the right decision and that things need to change if we want to avoid issues like this in the future. Here are four lessons WannaCry has taught us.
Help When You Can
The internet is a borderless battleground ripe with opportunities for enemies to take aim. In our international economy where worldwide companies have computer networks linked all over the world, this vulnerability is magnified. That is why government intelligence agencies like the NSA need to share information with relevant companies or agencies when they spot a weak area of security, instead of hoarding knowledge of the vulnerabilities. We all benefit when things remain secure and run smoothly.
Patch Management is Critical
Large companies like Microsoft routinely (usually on a monthly basis) deploy patches to correct security vulnerabilities in their software. But WannaCry has shown the need to dig deeper and work harder to find vulnerabilities so that they can be patched before they become exposed as an issue. For companies with multiple versions of outdated software still in use around the world, it's as crucial to deploy patches that fix holes in the old versions still in use as it is to patch the latest versions.
Use All of the Security Features at Your Disposal
Large corporations are typically the targets of attacks like WannaCry, but we still need to be more stringent about security on our personal devices. The latest smartphones are built with this kind of security to help keep user information safe and offer a little peace of mind. For example, Samsung Knox, the tech giant's enterprise mobile security solution, now comes with many of the company's latest mobile devices. The Samsung Galaxy S8 Plus also comes standard with a fingerprint scanner and an iris scanner for even more impenetrable security.
Digital Security Protects More Than Just Data
A portion of the targets of WannaCry were hospitals, including the U.K.'s National Health Services organization, whose care facilities were brought to a standstill during the outage caused by this ransomware strike. While many people's concern goes straight to all of the personal data lost in hospital computer systems, an even more serious array of targets was affected: medical devices. In an age where so many life-altering medical devices are powered by internet-enabled computers, ransomware like WannaCry has the potential to yield even more deadly effects. And what's more, there are many secondary effects of these kinds of attacks, like patients who are unable to get medical care when the hospital they are at is in the throes of a mass computer system outage.