Due to the worldwide ransomware attack, WannaCry, which began spreading to over 150 countries on May 12, 2017, the SEC issued a cybersecurity ransomware alert on May 17, 2017. According to the Risk Alert, hackers are using Microsoft Remote Desktop Protocol, Windows Server Message Block version 1, phishing emails and malicious websites in order to gain access to servers. Once hackers have accessed servers, a payment is demanded before you are allowed to regain access to the files on your computer.
To read more on the WannaCry attack, click here.
Risk Alert Recommendations
The OCIE Risk Alert is recommending that all firms do the following:
- Check to ensure that Microsoft for Windows EX, Windows 8 and Windows Server 2003 are installed correctly.
- Read and review U.S. Cert Alert TA 17-132A – This includes all information regarding the WannaCry virus and how to prevent the attack from happening.
In addition, the Risk Alert has found shocking information that could indicate reasons why the WannaCry virus was so successful. Here are a few findings:
- With 26% of advisory firms and investment companies having opted not to conduct risk assessments, many vulnerabilities were left unknown. Failure to perform risk assessments puts you more at risk for attacks such as WannaCry.
- 57% of firms reportedly did not conduct penetration tests or vulnerability scans on critical systems.
- While 96% of firms have implemented a process to ensure regular system maintenance, 4% of those firms were missing critical updates.
It’s not possible to predict or prevent every single cybersecurity breach, however it is possible to adequately prepare for an unexpected cyber-attack. Implementing emergency preparedness and business continuity plans, such as what Preparis offers, can help assist in ensuring that your firm stays prepared.
Cybersecurity With Preparis
No company is immune to becoming the victim of a cyber-attack, whether you are a small business or a massive corporation. Preparis is able to assist you and your employees in preparing for and responding to a cyber-attack. Earlier I discussed how 26% of advisory firms and investment companies do not conduct risk assessments. Many choose not to conduct these, or any extra security measures for that matter, due to a lack of time. That’s where Preparis comes in.
- Cybersecurity Assessments – Preparis’ cybersecurity assessment works by evaluating current security measures and plans to see what should be added or removed. The assessments include a review of information, vulnerability and penetration testing, an executive report of findings and recommendations, and an executive report that includes any security risks and recommendations.
- Testing Plans – In order to ensure that all plans are working properly, it is important to test all plans. With the Preparis Portal, you are able to test your notification system, recovery strategies and more.
- Training – Since 95% of all cyber-attacks occur due to human error, taking the time to train your employees on cybersecurity is crucial in trying to avoid cyber-attacks. Preparis provides interactive, online cybersecurity training, executive reporting, tabletops, webinars, checklists and more that is available 24/7 from any device, anywhere in the world.
To download Preparis’ Data Breach Checklist, click here.
To learn more about Preparis’ cybersecurity solution, click here.
Creative Digital Marketing Assistant