Global Cyberattack Exploits Known Vulnerabilities
As you likely know by now, international cybercriminals launched a worldwide ransomware attack last Friday, with the European law enforcement agency Europol reporting over 100,000 affected organizations in 150 countries, including the U.S. Reports indicate that health care providers, universities, and other large companies were all targeted. The Department of Health and Human Services also confirmed evidence of the attack occurring within the U.S. The attack exploited a known vulnerability in the Microsoft operating system, for which a patch is available. The Department of Homeland Security is encouraging all Americans to update their security systems and back up data to prevent possible loss, and is also reminding users not to click on unfamiliar links or open unfamiliar documents in emails.
We echo DHS, and urge all organizations to take steps to help prevent an attack, while strengthening response preparedness should one occur. For regulated entities, this means at a minimum complying with applicable cybersecurity regulations, including training and creating awareness among all workforce members who can access the organization’s IT systems.
Following on the heels of President Trump’s Executive Order on cybersecurity, this global attack is sure to increase pressure on implementation of the directives outlined in this order and elevate our nation’s public and private cybersecurity readiness to the fore of political discussion. And with the impending selection of a new FBI director, look for cybersecurity to be a topic of questioning for whoever faces the gauntlet of Senate confirmation for this position. The apparent paralyzing effect of this attack across sectors of critical infrastructure such as telecom, rail, finance and health and human services highlights the need for law enforcement at all levels to be well versed in cybersecurity. But it also serves as a reminder that human error, from lax cybersecurity practices to errant email handling, remains one of the top vulnerabilities facing organizations and enterprises today.