The mass attack by the WannaCrypt malware, which hit more than 300,000 users of Microsoft products worldwide, is another stark reminder that UK businesses should regularly update their IT systems with the latest security patches.
It didn’t help that the US National Security Agency (NSA) had stored this system “vulnerability” to use it as a spying tool. The tool was then stolen by criminals who added the ransomware element. Once it got inside an operating system, it locked the user’s computer and demanded a fee to unlock it, which had to be paid in bitcoin.
Unlocked back door
Microsoft has criticised government agencies for stockpiling such vulnerabilities, which are essentially bugs that provide an unlocked back door into its operating systems.
Many organisations were affected by the malware attack. NHS operations and appointments were cancelled and ambulances had to be diverted in more than 60 trusts across England and Scotland. Around the world, many other big organisations were hit, including FedEx, Telefónica and the Russian interior ministry.
Within only a few days, many users had already paid the £300 ransom, amounting to more than £35,000 worth of payments to a number of bitcoin accounts.
Replace outdated systems
The NHS was vulnerable because some computers still use Windows XP, which is no longer supported by Microsoft security updates. Users of Windows 7 and Windows 8.1 were also hit. Microsoft belatedly sent out a patch to help these users.
Gary Jowett from Computer & Network Consultants in Brighton says: “This global malware attack highlights the importance of replacing outdated operating systems and accepting the regular updates sent by Microsoft and other software providers. Ignoring the fundamental importance of your IT infrastructure is just like failing to repair your fleet of vehicles or forgetting to maintain the perimeter fencing outside.”
Businesses should also remind employees how to behave responsibly when using company devices and software, for example by treating all emails and attachments with caution and not using personal USB sticks to transfer data onto company systems.
Collective action called for
Microsoft’s President and Chief Legal Officer Brad Smith blogged that there needs to be more collective action from the tech sector, customers and governments to fight such criminal activity. He said the latest attack is a “wake-up call” for governments around the world.
But it’s also an alarm bell for any businesses in Sussex, Surrey, Kent and Hampshire that have cut back on IT expenditure in recent years to protect other overheads.
Unfortunately, such cutbacks can be an accident waiting to happen that will badly damage a company’s reputation and its ability to serve customers in the future.