Four Lessons We Can Learn from the Cyberattacks of 2017

Cyber security has been a hot topic for a while now, but its relevance absolutely blew up in 2017. In May 2017, WannaCry ransomware spread like wildfire across the globe crippling public utilities and large corporations alike, particularly impacting those that were still running older versions of the Windows operating system. But that was merely a prelude to what would come later. In September, Equifax, one of the largest credit reporting agencies, announced hackers had accessed the records of 143 million of their customers. Hackers got away with people’s names, Social Security numbers, birth dates, addresses and even some driver’s licenses numbers. And 2018 isn’t off to a great start either as Intel recently announced many of their chip models contain a design flaw that leaves pretty much every computer built with an Intel chip vulnerable to snoopers searching for sensitive data. This flaw affects chips manufactured from 1995 onward, with cloud environments hit hardest. Google, Amazon, Microsoft, and Intel have been working for months to release patches for these vulnerabilities, dubbed “Meltdown” and “Spectre.” Cybercrime, computer viruses, and attacks are not going away. If anything, we should expect to see more of them in 2018. So what can we learn from them? Here are four lessons:

Avoid “End of Life” Scenarios

Not everyone can afford to upgrade to the latest desktop or server operating system. But you should not wait to replace your software or hardware until it has reached its end of life, when the manufacturer no longer releases security updates.Computers running Windows 10 were safe from WannaCry, but the ransomware still spread quickly because so many companies were still running Windows XP and Server 2003, which already reached end of life years ago. Microsoft announces end of life dates for its products years in advance. For example, if you are currently still running Windows Vista, you should upgrade right now. It went end of life last April, but Windows 7 users are safe for two more years.

Do Not Assume You Are Immune from Attack

When companies as large as Target, Home Depot, Equifax, and even the NSA, fall victim to cyberattacks, nobody should feel overly confident they are immune from attack. Some small companies may believe they are safe because hackers will go after larger and richer companies, but that is not always the case. Symantec reports that 43 percent of cyberattacks targeted small businesses, primarily through phishing schemes. Quite the opposite, some hackers will go especially after smaller companies because they are smaller and less likely to have security measures in place. Our lives and our data reside in a digital world, which means there will always be criminals searching for ways to reach it. No company, big or small, should ever assume an attack cannot happen to them.

Train Your Employees

One employee falling for a phishing attack or clicking on a bad link can put your entire organization at risk. Your employees should be trained to deal with suspicious emails and recognize the signs of a phishing attack. They are your first line of defense.Some companies have made changes to become less reliant on email such as using a product like Slack, Stride or Microsoft Teams that allow colleagues and partners to communicate outside of email. These products, and those like them, may reduce your risk of attack because they have security and scanning features built-in. They also block outsiders from spoofing email addresses, but they should be viewed only as one of multiple measures to be taken against attacks. They’re not a guarantee cyberattacks will not happen to you or won’t be successful.

Back Up Your Critical Data

One cannot overstate the importance of backing up critical data. WannaCry brought this issue to the forefront when it encrypted confidential data and then held it hostage until the owners paid a ransom. Security experts predict that over 100 companies paid the ransom because they did not have backups of their data. Backing up your data is one of the most basic and simple routine steps you can take to help ensure data safety against loss. It is unfortunate that so many companies and individuals have postponed making backups. Some people get lulled into a false sense of security assuming someone else is taking care of it. Do not make this assumption with so many effective products and services at your disposal. As ransomware attacks increase, having a comprehensive, offsite backup is the best guarantee that you will be able to keep your business running, even in the face of an attack. Even better, should your data be held ransom, you can restore from an earlier backup and thereby retrieve your data in an unencrypted format.

Conclusion

The year 2017 brought us some of the largest and most publicized cyberattacks we have ever seen. Bitdefender found that ransom payments hit $2 billion in 2017, twice as much as in 2016. Given the success of these attacks, expect to see more of them in 2018. Mark Nunnikhoven, vice president of cloud research at TrendMicro said, “As we do more and more of our business online, and as criminals realize the value of the data that organizations are protecting, we're seeing more big-name breaches, and more high-profile breaches.” We cannot stop all attacks, but we can help mitigate the damage they cause by learning from our mistakes.