We’re proud to once again welcome our regular guest contributor, Dr. Laura Marulanda-Carter, to the Mirus blog! In this latest entry, Dr Marulanda-Carter asks; why do ransomware attacks continue to topple major businesses?
With our legs stretched into the New Year, we often find ourselves settling into those ambitious new year resolutions and targets for the future. In education ever more so, as many of our students start to consider next steps and progression into apprenticeships and employment.
Preparing them for a digital world that ensures they have the confidence to learn, forget and relearn to maximise their success is certainly a challenge and an ambition shared by teachers and students alike. So, as I am often asked, how do we do it?
Put simply, students learn as you do: through mistakes.
It's normal that everyone - young and old, PLCs to SMEs, highest to lowest paid - makes mistakes. Due to the nature of experience, however, it is usually our own mistakes that we learn from. But what if it wasn’t? What if more of us learnt from the mistakes and insights of others? The value in listing or inviting students to research ‘cyber crimes’ is incomparable to an IT Director from a local business scrutinising real-life case studies of ransomware with the students directly.
This is the experience that we strive to offer our learners at the Institute of Technology at Bletchley Park.
Enterprises accounted for 81% of all ransomware infections alone, as reported in 2019 Internet Security Threat Report. Following its initial release in May 2017, WannaCry cyber-attacks have taken the top-seat for most blocked ransomware with 5.4 billion attacks to date. And, with its successful infection onto millions of windows systems in around 150 different countries, it is estimated that ransom payments have reached upwards of $4 billion. Could it have been prevented? Some have argued it could have, with simple ‘Basic IT security’. Following the UK’s NHS WannaCry attack, lessons learned have shown that increased cyber-security anti-virus processes, the removal of vulnerabilities in new equipment/storage and regular Microsoft updates would have eliminated the fatal flaws that left the NHS so vulnerable to attack.
The saddest part of the story is that we knew how to prevent all of this before the end of the same month that WannaCry was first launched.
So how is it that with all this good advice, and two years on, WannaCry is still very much active and its well-known exploit EternalBlue continues to cause file encryption operations in legacy unpatched systems (The Threat Report 2019)? Simply put, we were not learning. As all the drama unfolded, we kept saying; “Oh, it won’t happen to us” or “We’ll be fine”.
Complacency is the root of all vulnerabilities in your systems security. As you continue through 2020, do not make the same mistakes. The benefits of knowledge and understanding of previous blunders serve as your very own lessons learned; especially when the sanctity of protecting organisational security is so vital to remain competitive and reduce the risk of cyber-crime. The collection, process and storage of unprecedented amounts of data held within your organisation should not be underestimated.
- Dr Laura Marulanda-Carter, PhD
Laura works at Milton Keynes College as the Head of Curriculum IoT. With 10 years of teaching experience and as a strong advocate of employer engagement and women in technology, we're very excited to be working together.
You can read more about Laura, and read her other Mirus Blog Contributions here.
*Stats from mid June 2019
We’re looking forward to sharing more of Laura's unique and discerning insights into IT, IoT and Security.
How to Recover From Common Cyber Attacks
Don't assume you're too small to target.
Our eBook, Recovering from Common Cyber Attacks, details the most common cyber threats that UK businesses face. From data theft to corporate vandalism, we’ll prepare you for the worst-case scenario with the techniques and technology that keep you protected.