Today, Monday, May 15, 2017, it is time to take stock of what we have learned after the tremendous attack suffered by institutions and companies last Friday, May 12. These are non-technical, common-sense reflections that should help us avoid or mitigate similar incidents in the future:
- Against SPAM and malware: It is not enough to have a good anti-spam, anti-virus and anti-malware service. It spares us a lot of threats, but we can’t be 100% calm.
- Against the technique called “Social Engineering”: The human factor, because of its unpredictability, always constitutes the weak link of the chain. Training and awareness-raising help reduce risks, but we can’t stay 100% relaxed.
- Against software vulnerabilities: Follow the manufacturer’s recommended software update plan. There is no perfect application, and that makes sense: many situations are not foreseen in its use, and they cause bugs and security issues. Therefore, a good patching policy and, of course, proper licensing and maintenance are necessary for the best protection, but we cannot remain 100% confident.
- Against ransom requests: Paying a ransom does not guarantee either the return of the information or that they will not attack you again.
- Against loss of information: The last lifeboat is backups. For this, it is best to have a good outsourced backup plan. We strongly recommend reviewing and updating backup policies and periodically testing that they work properly. But we can’t stay 100% calm either…

This attack, while widely covered in the media because of its broad impact, has not been the first attack in history, nor will it be the last. Nor has it been the most important or the most harmful. It has been one more of the many that will follow. Thus, the most important thing is to develop a good security and disaster recovery plan. That plan should include clear guidelines for communicating with our customers, so that the company’s image is not affected. Because what is certain is that one day, some attack will affect us directly. The question is not when. It is to be prepared for it, and to know how to react as planned.