“Maybe you are busy looking for a way to recover your files but do not waste your time.
Nobody can recovery your files without our decryption service”.
This is what users infected by the WannaCry virus read on their screens having accidentally let the malware in. Unfortunately, the criminals were not lying in this case, as most businesses are not equipped to decrypt their files following an attack like this within an acceptable timeframe. Some might be able to recover their files, especially when the malicious code is not too sophisticated, but it is likely that it will take a long time and thus incur significant financial losses to do so. Dealing with an infection once it happens can be painful; however, the good news is that by following the right guidelines it is possible to drastically reduce the chances of that happening.
At this regard, it is interesting to look at the threat, in order to better understand the response. According to Kaspersky lab, WannaCry is an encryption programme that uses an exploit, which is a piece of software that takes advantage of the weaknesses in an operating system (in this case Windows) in order to install malware. The main ways to bring the exploit into a computer include clicking on the wrong link or downloading a malicious attachment from an untrusted source. Once the malware is into the system, it encrypts all or part of its data and asks the victims to pay a ransom in bitcoins. If they do not pay within a few days, they can forget about all the hard work and long hours they spent in front of that machine and sadly they can start counting their losses.
The case of WannaCry shows once again how the weakest link in a computer system is the human operating on it. There is no firewall that will protect a computer from an employee clicking on the wrong link thinking it’s just another invoice. Industry research shows that the vast majority of ransomware is delivered through phishing and social engineering attacks, revealing the need for better education and awareness-raising programmes. Information security experts are doing an excellent job in designing the right technical solutions against cyber criminals, yet they might be struggling to deal with the human aspect.
In this respect, business continuity (BC) professionals can provide a great deal of help, as their job is to know a business from top to bottom, understand its weaknesses, and make sure everyone is aware of their role when preparing for a crisis. Continuity and recovery tactics place a big emphasis on resources, such as IT and information equipment, also taking into account people, premises, and suppliers. The strategies adopted for recovery by BC professionals include replication, which means being able to recreate the necessary conditions to keep the business running while the main site is not operational. Thus, a BC professional will always make sure business-critical resources such as data are backed up, in case something (such as ransomware) makes them suddenly unavailable. Backing up files is the most effective and quickest solution to get up and running after being hit, and it is sometimes neglected as a practice due to a lack of threat awareness, rather than technical ability. BC professionals will know how to embed a strong safety culture among staff members, having experience in managing awareness campaigns. This can go a long way when trying to educate employees on how to avoid falling for phishing or social engineering attacks. After all, organizations are already starting to move in this direction. According to a BCI survey, 75% of the respondents had business continuity arrangements in place to deal with cyber disruptions.
The recent attack presents a great opportunity for organizations to improve their response and make lasting changes to become more cyber resilient. In the next few weeks, 'ransomware', 'back-up' and 'disaster recovery' will probably be the buzzwords of the moment, but the real challenge will be not to forget about them in the long term. Business continuity professionals have been advocating for better arrangements to prevent disruptions of this kind for a long time, and they will keep doing so. Thus, if you’re looking for someone to thank for implementing the right measures the next time ransomware strikes, business continuity professionals are likely to be the right choice for your business.
Gianluca Riglietti CBCI is currently the Research and Insight Associate at the Business Continuity Institute, where he provides support in managing publications and global thought leadership initiatives. He graduated at King’s College London in 2015, completing a Master’s in Geopolitics, Territory and Security.