Latest Cyber-Attack is an Important Reminder to Patch Operating Systems & Software

Headlines over the weekend contained a timely reminder of the real threat that cyber-attacks pose to business. A large-scale ransomware campaign spread to over 200,000 computers across 150 countries in a matter of hours by attacking a known vulnerability in Microsoft Windows.

The ransomware locks down computers and has been demanding payments of up to $600 (USD) to restore access.

Microsoft released a patch in March this year for Windows 8 and Windows 10; however, cyber criminals are well aware that the majority of SMEs are amongst the slowest to protect against cyber-crime. Installing the Microsoft patches that have already been released would have rendered the ransomware ineffective.

If you have Windows XP or Windows 2003 installed on any of your PCs, servers or terminal servers, Microsoft has issued emergency security patches which provide critical updates to help protect these operating systems.

The Australian Cyber Security Centre strongly recommends Australian organisations apply these patches as soon as possible to prevent infection by this ransomware campaign. Users should also ensure that they have backed up their important data to an offline location, and confirm that backups are available and working.

Organisations can help mitigate the risk of threats such as ransomware by following the Australian Signals Directorate’s Strategies to Mitigate Cyber Security Incidents. Strategies include but are not limited to:

  • Patching Operating Systems and applications to the latest versions.
  • Not exposing protocols such as SMB to untrusted networks including the Internet.
  • Implementing application whitelisting to prevent the execution of untrusted code.

 

Human Error

No matter the sophistication of the security system, there is little that can be done to eliminate the risk of human error. Employee education on the issue of cyber safety is essential, as most ransomware is spread through web links and attachments in emails. If an employee receives a suspicious email, they are advised not to open any attachment or click any links. Some signs of a suspicious email may include:

  • You do not recognise the sender, or if you know the sender, the message does not look like something they would send
  • The subject and/or attachment name is vague or confusing
  • Spelling or grammar errors
  • The message is unexpected or not business-related
  • The sender’s email address is incorrect, sometimes only slightly
  • You are part of a large list of people who have been sent the message

 

Further Mitigation

Insurance policies written through CRM Brokers’ markets are designed to minimise the impact of a cyber-attack by providing a 24/7 expert response line.

Access to I.T. investigators, forensic accountants and public relations consultants is critical to mitigating potential threats and having your business up and running as soon as possible. In certain circumstances, a policy may even respond by paying the ransom demand; however, this is usually a last resort and not advised.

Please reach out if you would like a copy of our informational sheet on cyber liability or if you have any questions regarding this coverage. In less than 5 minutes, depending on your needs, you can complete a proposal to allow CRM Brokers to provide you with a quote. Click here to fill out our Cyber Insurance proposal form.

For more information on Cyber Insurance, visit our dedicated page at www.crmbrokers.com.au/cyber-insurance

Important Notice

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.

Information is current as at the date the article is written as specified within it but is subject to change. CRM Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of CRM Brokers.