The hacker designs his malware to go after known flaws in the most common platforms.
Editor's note: This is part one of a two part series. Part two will cover Preventative Measures: There are five steps that organizations can take to minimize the risks of malware attacks.
The WannaCry Ransomware attack that crippled hospitals, universities, manufacturers and government agencies in Britain, China, Germany, Russia, Spain and 145 other countries and more than 300,000 machines has awakened, at least temporarily, the awareness of the need for effective cybersecurity.
Small business owners and IT executives must recognize that robust malware detection and prevention policies and procedures are multi-faceted and multi-layered – addressing applications, devices, infrastructure, networks, personnel, and systems.
The burgeoning ransomware business as well as the growth in other malware attack vectors also demands that management perform an independent assessment of controls and frequency of controls regularly and after any significant attack.
WannaCry Ransomware attack
The successful WannaCry Ransomware attack has once again made malware a Board-level conversation.
Although tens of thousands of institutions were impacted by the WannaCry worm, it is just one of thousands of malware assaults that have been plaguing end user devices and IT systems for decades. The attacks are not going away – instead they are getting more sophisticated and occurring more frequently.
The threat from ransomware alone continues to grow, with some experts estimating that up to 40 percent of all email spam contains ransomware.
According to Kaspersky Lab, 98 percent of the WannaCry targets were using a version of Microsoft Windows 7, which is the most popular Windows OS in use today (48.5 percent market share) and why it was specifically targeted. Windows 10, which is the second most popular desktop operating system with a 26.3 percent market share, was virtually unaffected by the worm.
Microsoft had put out a critical security patch to address the specific security flaw used by WannaCry earlier this spring but victims had failed to install the patch.
Next page: The popularity of ransomware and What is Ransomware?
About the author
Mr. Braunstein serves as Chairman/CEO and Executive Director of Research at the Robert Frances Group (RFG). In addition to his corporate role, he helps his clients wrestle with a range of business, management, regulatory, and technology issues.
He has deep and broad experience in business strategy management, business process management, enterprise systems architecture, financing, mission-critical systems, project and portfolio management, procurement, risk management, sustainability, and vendor management. Cal also chaired a Business Operational Risk Council whose membership consisted of a number of top global financial institutions.