Evaluating Your Cybersecurity in the Wake of the Largest Ransomware Attack in History

On May 12, 2017, the world experienced the largest ransomware attack in history.  The persons that perpetrated the attack are believed to have used tools stolen from the National Security Agency.  Infections were reported in 99 countries, and the health system in the United Kingdom was brought to its knees.  In the wake of the attack, Microsoft’s President and Chief Legal Officer, Brad Smith, was critical of the “stockpiling of vulnerabilities by governments” in order to exploit them in nation-state cyberwarfare, rather than notify the vendor so that the software vulnerabilities can be patched.

Naturally, in light of such a large scale attack, we need to evaluate our preparedness for such an attack.  Here are a few items to consider:

  1. Ensure that you are reliably and promptly updating your software.  The exploit utilized in the May 12 ransomware attack was patched by Microsoft in March.  A timely update would have mitigated the damage if not prevented it.
  2. Continue to be vigilant regarding email phishing scams.  Familiarize yourself and your organization with common tactics when confronted by suspicious emails. 
  3. Foster a culture of communication with regard to threats.  If your friend or co-worker sees something suspicious, it is only a matter of time before someone else does, too.  Awareness can help thwart these types of attacks.
  4. Make regular backups of critical data.  Many users who are victims of ransomware attacks are faced with the difficult choice of losing critical data or paying a ransom.  You can make the decision easier by having frequent backups.  Losing one day of data as opposed to weeks or months of data may be more palatable.
  5. Review your cyber incident response plan (or, if you do not have one, draft and implement a cyber incident response plan).  A cybersecurity incident response plan will help with the response to an incident from cleanup to restoration by carefully defining the steps to be taken and roles of those involved.  As with most contingencies, you are not going to want to create such a plan after it is needed.  Not knowing how to respond can make a bad situation much worse and costly.
  6. Review your current policy and, if it doesn’t cover cybersecurity incidents, evaluate the need to obtain such insurance.  Keep in mind that, in addition to the costs of investigating and responding to cyber incidents, the losses imposed by lost business revenue can be astronomical.  Cybersecurity insurance can help you mitigate this risk.

The attack on May 12 should be a wake-up call for those that have not yet taken cybersecurity seriously.  For those that are engaged on cybersecurity issues, it is a good reminder that we must continuously evaluate our readiness and plan for such incidents.  Cyberattacks can cost us money, time, frustration, and in some situations, trigger legal duties to report.  As the world becomes more connected and reliant on technology, we must protect ourselves from disruptions of those connections.

If you need assistance creating a prevention program and/or cybersecurity response plan, evaluating cybersecurity insurance, or evaluating your current policies and procedures for responding to a cyber or data breach incident, please contact us. We would love to assist you in combating and managing these types of incidents.

          Author:   Keith J. Fernandez
          Practice Area:   Technology Law
          Date:   May 31, 2017

Disclaimer: The information provided herein (1) is for general information only; (2) does not create an attorney-client relationship between the author or the author’s firm and the reader; (3) does not constitute the provision of legal advice, tax advice, or professional consulting of any kind; and (4) does not substitute for consultation with professional legal, tax or other competent advisors. Before making any decision or taking any action in connection with the matters discussed herein, you should consult with a professional legal, tax and/or other advisor who should be provided with all pertinent facts relevant to your particular situation. The information provided herein is provided “as is,” with no assurance or guarantee of completeness, accuracy, or timeliness of the information.