WannaCry — how the NHS actually got quite lucky

 

There’s no denying that WannaCry, the “biggest ransomware outbreak in history”, was devastating to the NHS, affecting around 48 hospitals and trusts up and down the UK. NHS computers were among tens of thousands around the world hit by ransomware demands of around $300, stopping staff from doing their jobs and putting lives at risk.

The cost of the attack is still racking up for the NHS in terms of lost productivity, cancelled appointments, IT infrastructure upgrades and more, but the saving grace from the whole saga is that the attackers did not steal any key data from the NHS.

While ransomware halts your systems, data theft is a far more dangerous threat. Once data has left the perimeter of your company’s network, the consequences can be much more severe because. As a business, you’ll never be able to gain total control of that data again.

Not only is data theft more dangerous, it’s often easier for criminals to pull off than ransomware. The number of ways in which a cybercriminal can commit data theft — for example through a back door or with an employee’s login credentials — far outnumbers the ways they can commit ransomware, which generally relies on a small number of common system and user vulnerabilities. And of course, data theft is often more rewarding than ransomware.

>See also: WannaCry ransomware attack ‘fails to stimulate surge in cyber insurance’

With ransomware, an attacker risks their victim not paying up, which then means the whole attack could come to nothing. In fact, it turns out the WannaCry attackers only made around $50,000 from their worldwide attack. With data theft, there are a plethora of marketplaces on the dark web where criminals buy and sell information, so criminals are likely to get more bang for their buck. And in healthcare, patient data is always a high target for criminals. Its longevity compared to, say, credit cards, which eventually expire, mean patient data holds its value very well.

None of the above is just theory. Huge amounts of data is bought and sold by cybercriminals on the dark web — names, addresses, credit card details and individual patient data.

The worrying issue is the fact that most organisations can’t detect cybercriminals posting their stolen data on the dark web. As a result, the vast majority of companies carry on blissfully unaware that they’ve suffered a data breach. In 2016, European companies took more than 450 days to spot a breach on average. Imagine the damage a cybercriminal could do in 450 days. They could quite easily snoop around your infrastructure, remove traces of their presence and leave back doors for future access.

And all it takes for data theft to occur is for one employee to fall for a phishing email and inadvertently hand over their login. And since so many people now use the same password for multiple systems — personal and private — the consequences of falling for a phishing email could be catastrophic for organisations. Once an attacker uses a genuine login, traditional anti-virus tools, firewalls and perimeter defences will do nothing to flag that intruder.

Given the amount of time it usually takes for organisations to spot a data breach, organisations must do better to find their data once it has ‘left the perimeter’. Imagine your home’s been burgled. If any of your possessions ended up on eBay or Gumtree for sale, you’d want to know about it. It’s the same with organisational data.

Now imagine that you’ve been burgled and instead of the police catching the culprit, they fine you 4% of your salary for not using a burglar alarm. That’s exactly what the General Data Protection Regulation (GDPR), coming into force in May 2018, is set to do for organisations that suffer a data breach, fining them a whopping 4% of annual turnover or €20 million, whatever is greater.

>See also: NHS Trust successfully fought back WannaCry ransomware with AI

The sheer size of the potential fines has therefore bumped cybersecurity up the priority list for all companies. So the growth of the dark web and its clandestine nature now makes it a huge threat. And given the amount of data that’s already on the dark web for sale, organisations cannot afford to ignore the problem anymore, and need to ensure that they have advanced search technology in place to be able to detect wrongdoing.

So whether it’s patient data, customer data or corporate data, the fact is that theft is a far bigger threat than ransomware. Perhaps in this case, we can consider WannaCry as a wake-up call or a blessing in disguise. Whatever way you look at it, all organisations should keep data as secure as possible because, ultimately, it’s good for business.

 

Sourced from Tim Haynes, CEO, RepKnight

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Cybercrime
Ransomware