On Friday May 12, 2017, hundreds of thousands of computers in over 150 countries experienced a Ransomware attack where the
WannaCry malware took over users' files, demanding payment to restore access.
The cyber-attack has been attributed to the fact that hackers were able to exploit a vulnerability in the Windows operating system for which Microsoft had issued a patch back in March 2017.
What should be done immediately?
Organizations should ensure the following are performed in a timely manner:
- Patch Windows systems in your environment (proper testing for production servers). The patch was released in March 2017 as part of MS17-010 / CVE-2017-0147.
- Verify that all Windows systems have an anti-virus program that it is up-to-date and performing regular scans.
- Enable strong spam filters to prevent phishing emails from reaching end users.
- Inform staff to be on the lookout for emails with suspicious attachments and/or links. Staff should notify IT Management if a suspicious email is received.
- Maintain up-to-date backups of critical data.
How KPMG can help you going forward?
KPMG has dedicated Cybersecurity professionals and can help you identify your strengths, weaknesses and develop an action plan to thwart future attacks. With respect to the recent Ransomware attack, we feel the below service offerings are currently the most relevant to companies in the Cayman islands:
- Cyber maturity assessment: KPMG professionals will assess and benchmark your organization on six key areas of Cyber Security and will consider the security, availability and confidentiality of sensitive data.
- Employee awareness training: KPMG professionals will provide your employees with knowledge on how to protect your assets and how to identify and thwart common attacks they may be subject to.
- External penetration testing: KPMG professionals will test your network perimeter and identify weaknesses before hackers do. We will examine your email systems, firewall, Web servers and other externally exposed systems.
Contact us for more details on how we can assist you in protecting your organization.