After WannaCry attack, here’s how businesses can tackle cybersecurity

A ransomware attack that swept across the globe last weekend has put the spotlight back on cybersecurity.

While they may not the biggest or even the main targets, Iowa companies need to make sure their systems are secure, or otherwise risk the loss of data, time and money, Iowa cybersecurity experts said.

Here's what happened with the latest cybersecurity breach and what experts say businesses and individuals can do to protect themselves.

What is WannaCry?

WannaCry is a type of ransomware that spread around the world last weekend, affecting more than 200,000 victims, including hospitals, in at least 150 countries, according to news reports. Security experts, the Wall Street Journal reported, saw WannaCry as the most significant outbreak of malware worm since 2008.

Once ransomware infects a system, it encrypts files, locking out users, and demands a payment before a de-encryption key is provided.

In WannaCry's case, the malware targeted computers running older, unpatched versions of Microsoft's Windows operating system. It then demanded about $300 to unlock the files, paid using Bitcoin due to the cryptocurrency's anonymous nature.

WannaCry spread quickly in part because it was self-propagating, said Omar Chowdhury, assistant professor of computer science at the University of Iowa. Once it affected one computer, WannaCry would use a worm to look for other computers on a network it could infect.

That means WannaCry does not care how about the size of a target before it tries to infect, noted Doug Jacobson, director of Iowa State University's Information Assurance Center, in an email.

Cyber security researchers, including one 22-year-old in the United Kingdom who identified and activated WannaCry's killswitch, helped stymie its spread. WannaCry's developer could remove the killswitch, though, and reissue the malware. And cyber attacks are only becoming more common.

'It's just going to increase,' said Steve Healey, chief technology officer with Integrity Technology Systems in Des Moines. 'This is cyber warfare.'

What do we do?

Businesses, experts said, should invest in data backups, employee training and maintaining up-to-date operating systems to mitigate future cyber threats.

'Ransomware is pretty ineffective against a company that has their data backed up,' said Aaron Warner, founder of cybersecurity business ProCircular in North Liberty. 'It can still cause immense trouble and disruption, but having backups can take the sting out of that.'

Backups can include the occasional backup to a hard drive not connected to a network and more consistent ones to cloud storage systems, Warner said.

Users also need to ensure computers run the most current version of an operating system, especially if a security patch has been issued.

The UI's Chowdhury said businesses may not install updates due to the cost or concerns that patches will mess with their systems. Short-term pain, though, is better than long-term consequences, he said.

'Even though it might break functionality for a limited amount of time, it's a good idea,' Chowdhury added.

Microsoft released a similar statement after the WannaCry outbreak. The company had issued a patch to the security flaw WannaCry exploited back in March. Users who don't update their systems are 'literally fighting the problems of the present with tools from the past,' Microsoft President Brad Smith wrote in a blog post.

Employee training, which includes real-world examples, also can help fight off breaches.

Healey said employees should look at the sender's email address, not just the name, to verify the source. They also can hover over hyperlinks without clicking on them to preview the destination and verify it is safe.

'Those are great indicators to say, Hey, that is not coming from that legitimate source,' Healey said.

Overall, companies need to be proactive about cybersecurity, Chowdhury and Warner said. That can include talking with cybersecurity businesses ahead of time or building a network with cybersecurity tools installed.

'I think that this is a good practice to consider security and not as a Band-Aid solution. The things you can do with a Band-Aid solution is very limited,' Chowdhury said.

And if a computer becomes infected, isolate it, Warner said.

'Isolate the workstations that are infected, get them off your network because what they'll do is go out and try and get that malware onto other computers,' he said.

Should we pay the ransom?

It depends.

Ideally, no. But if no backups exist or immediate access to information is needed, such as in a medical environment, payment may be inevitable.

'That's why ransomware is so successful because some of these organizations and individuals targeted are just backed into that corner, and they have to go out on that ledge and pay the ransom and hope they get the data back,' Healey said.

Even then, there's no guarantee bad actors will hand over access to the files.

'The trust component of that extortion has been removed,' Warner said.

l Comments: (319) 398-8366; matthew.patane@thegazette.com