What can the financial services sector learn from the WannaCry ransomware attack?

What can the financial services sector learn from the WannaCry ransomware attack?

Unless you’ve been in hiding, you will know about the ongoing ransomware attack by the aptly named WannaCry cryptoworm, which is encrypting data and demanding ransom payments in the cryptocurrency, bitcoin.

The attack was global in scale, and brought parts of the NHS to a standstill, along with Telefonica in Spain, FedEx, Deutsche Bahn and LATAM Airlines, to name a few.

For financial services firms, WannaCry is a wakeup call, because although the sector seems to have escaped relatively unscathed, so far, the next attack is just around the corner, and:

  1. WannaCry has all the signs of an amateur attack. The relatively easy to find “kill switch” hidden in the code. The apparently manual ransom payment mechanism, whereby victims were sent an individual code generated by the hackers. Not conducive to a well organised, slick, global attack and more indicative of a trial run by some inexperienced cyber criminals. The small number of bitcoin payments received so far, which can be publicly seen by anyone. All of this points to an amateur attack, which is terrifying if you think about the damage a well-executed, professional attack could do.
  2. WannaCry did not target the NHS in particular, or choose countries to attack. It was a phishing attack aimed at Microsoft operating systems, which is fairly indiscriminate. Phishing attacks like WannaCry rely on human error. People are people across the world, so this is a stark warning to up the ante, with regular staff training on cybersecurity best practices, to update your policies and procedures regularly, and in an engaging way. However you choose to get the message across to users, make sure you do. They are your weakest point.
  3. Patching alone is not the answer. By its nature, patching is reactive, not proactive or preventative. That said you should still ensure security patches are installed and maintained as a first line defence. WannaCry uses the EternalBlue exploit and DoublePulsar backdoor to spread through local networks and remote hosts that have not been updated with the most recent security updates, to directly infect any exposed systems. A patch was developed by Microsoft two months ago, but many organisations haven’t yet applied it.
  4. IT departments need to do their bit. Encourage users to back up files and data to a central location, which is managed, secured and encrypted by you, the IT department, who will of course have a multi-layered, comprehensive cybersecurity strategy in place… If the worst happens, you won’t lose any critical data, customers’ data won’t fall into the wrong hands and you won’t fall foul of the regulatory bodies.
  5. Cybercrime is a profitable business. Organisations selling monthly subscriptions to vulnerabilities kits, and easy access to malicious code make it an attractive proposition, so beware.