WanaCry? Good News or Bad News?
With the massive hit by Ransomware WanaCry. People started beating up their IT Guys, Restoring backups and many of them crying over their damage done.
But is it all bad news? … As a Security IT Candidate(still studying), im looking at it from a different point of view. Lets review the same.
- This exploit was in the industry exposed for along time, with most of the microsoft windows version exposed. NSA found the exploit and kept it hidden. For what? Cyber War? Target a specific Country? (based on IP ranges)
- Two of the major countries hit were India and Russia. That are the world’s Top Software exporters. How can 2 IT Superpowers who developer majority of the software in the world are the ones hit the most?
- Howcome, all the Antivirus engines, top Firewalls couldnt stop this attack?
if we consider these 3 points, then focus on my 4th point :
4. Is there any more major exploits that NSA is hiding? only to be released at the right moment?
Having thought about the above, its time we re-visit our IT Security policies and focus more on open source platforms than depend 100% on commercial platforms that you cant control.
- Have an IT Consultant to bring in Opensource solutions to review your network and platform
- Ensure your backups are perfectly in place and restoration process tested. You can use alot of free tools.
- For me, i run a combination of Eset Antivirus + Malwarebytes Premium (it costs more together but i know i have a dual benefit)
- Block Everything on the firewall. Ensure your firewall default rules is block everything and open only whats needed.
- SMB – Filesharing is old school. Use encrypted Cloud based sharing.
- If you are a company, work with Hosting Providers that you can personally trust. Going to large scale providers just to save some money, is putting alot of your data at risk.
- Work with Real IT guys. Just becoz your son, brother’s son, aunty’s son etc. play with their mobile phones , install games doesnt mean they are really well versed with IT. Thats why, we have certification processes, to differentiate between real IT guys vs the common everybody.
- Do your windows updates regularly. Dont skip this becoz of the time hassle.
- Dont click and open any random email, banner, usb from unknown sources. Even if you get anything convincing from a friend, its better to call and reconfirm.
- Invest in opensource technology as much as you can, and then further customize/harden it with your own local IT team / contact
So for me, this incident is good news as it has opened our eyes to the seriousness of IT security which has always been a backburner for many.