The WannaCry Attack One Year On – Why Resilience Should Reign
On Friday 12 May 2017 the global WannaCry ransomware attack affected more than 200,000 computers in at least 100 countries. In the UK, the attack affected the NHS in particular, although it was not the direct target. One year on, the UK government issued a report that looked into the fallout of the WannaCry attack, identifying the failings that could leave the UK public sector vulnerable in the future.
While the report took into account public sector organisations’ readiness and communication when the attack occurred, it only highlighted shortcomings in the current plans. Advice for organisations on the steps they should be taking to avoid this happening in the future was limited.
The most alarming part of the report, for us, was around the lack of communication, and execution of the DR plan during the cyber attack. The report states that the IT department for NHS England had ‘developed a plan for responding to a cyber-attack, but it had not been tested with local organisations’. As commendable as it is to have a plan in place, not rigorously testing it was a huge mistake.
At Zerto, we know that strict testing of an organisation’s DR plan should be done on a regular basis. After all, what’s the point of having a plan in place if nobody knows whether it works? Ideally, an organisation should test its plan at least once per quarter, and, in the case of highly regulated industries such as healthcare, testing should be undertaken as often as monthly.
As well as rigorously testing the plan, the entire team needs to know what to do, which means it needs to be documented in detail and successfully distributed. This was something else that was specifically highlighted in the report – local NHS bodies did not know who to contact or what actions they should take when the WannaCry attack hit.
The good news is that, with a few easy steps, organisations can improve their communications around ransomware, and be better prepared before the next big wave of attacks happen. To begin their preparations, organisations should:
- Make sure everyone in the team knows what they are responsible for during the implementation of the DR plan, including staff and relevant vendors.
- Create a risk profile, and ensure everyone knows the trigger points, based on risk and business impact analysis.
- Make technical adjustments to secure your network, following our Beat Ransomware in 10 Steps guide.