Arraya Insights | May 16, 2017
During the last two weeks, an unprecedented number of cyber attacks swept the globe leaving organizations across every industry scrambling to recover. In the U.K., 16 National Health Service facilities were affected by ransomware known as “WannaCry” forcing them to divert emergency room patients to unaffected hospitals. In Spain, the same malware hit one of the country’s largest telecommunications companies to the point where employees were notified to shut down systems in order to prevent the malware from spreading further. Even the global delivery giant FedEx was impacted, admitting in a statement to NBC News, “like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible.”
This attack comes on the heels of tech giant Google disclosing details on an attack that was launched affecting its Google Docs application. This attack was effective in that it actually took advantage of legitimate authentication protocols that can result in granting full permissions to the attacker to email and other connected accounts. Google quickly shut down the incident, but not before users were already affected.
More Attacks to Come
The U.S. Computer Emergency Response Team issued an alert Friday afternoon warning organizations to be on the lookout for more WannaCry attacks. The New York Times is reporting that the exploit for WannaCry software was stolen from the National Security Agency. This malware was identified across 74 countries. While U.S. government officials have not confirmed that the NSA lost these tools, it’s safe to say that in the wake of the attacks seen over the last couple weeks, companies of all sizes need to be on the alert. Ironically, these events happen at the same time that the White House released an executive order requiring federal agencies to adopt the NIST Cybersecurity Framework controls.
Plan, Protect and Prevail
While all of this can be extremely scary, the good news is, with the right security controls, it’s possible to defend against these attacks. Arraya’s Cyber Security Practice is well versed in deploying ransomware defense technologies and strategies. Our Vulnerability Management Services and framework gap assessments are specifically targeted towards defending against the kinds of threats unveiled in the last week. Additionally, Arraya’s security incident and event management solutions combined with advisory services like training and awareness, incident response planning, and disaster recovery options arm companies with the tools they need to combat advanced persistent threats and recover quickly in the event catastrophe does strike.
Arraya’s Cyber Security Expertise
Many companies want to leverage best in class security expertise without the burden of building an entire security staff from the ground up. Arraya’s Cyber Security Practice offers businesses the ability to do just that. Arraya’s Advisory Services enable organizations to gain the expertise of a seasoned CISO, at a fraction of the cost of hiring one. Additionally, Arraya’s Cyber Security Advisory Services can work across departments and organizational roles to develop world-class, holistic security solutions. To find out more, contact us at: https://www.arrayasolutions.com/contact-us/.