As the latest major hack, code-named Petya, gets dissected, the picture is getting clearer, especially when combined with the information in the latest Verizon DBIR report. Link here.
What this means is that if you updated your Microsoft operating system in a timely manner you are safe, as it appears that Petya is exploiting a vulnerability in Windows that was patched months ago, and that the virus was transmitted via a malicious email attachment [1]. Unfortunately, many organizations have a ‘patch process’ that can be time defined (monthly, quarterly, or longer [2]), which means, by definition, that critical patches are not being applied in a timely manner. There are also reports that when the ransom was paid, the infected systems remained unusable. So you had better have good backups and apply security updates in a timely manner.
If you do not want to be the next victim of Petya, or WannaCry, it is time to pay attention to all your cyber exposures and your cyber security culture. How do you do that?
A good first step is to download, read and use our free ‘Management guide for fighting cyber predators’. Link here. Additionally, you need to verify that your cyber security culture is helpful and not fighting you all the way. If you would like some help, check out our Cyber Security Culture Management primer. Link here.
Another fine resource is our courses at the Global Risk Academy. Link here.
1 - Verizon DBIR 2017: 66% of malware is installed via malicious email attachments.
2 - Verizon DBIR 2017: 12 weeks was the point by which most organizations had completed their patch process.