Protecting Your Organization From Cyber Threats

May 2017

The retail industry is tasked with protecting the sensitive data of millions of customers every day. On the heels of the unprecedented “WannaCry” cyberattack resulting in more than 75,000 ransomware attacks across 153 countries and a variety of industries, retailers should be reevaluating the cybersecurity measures currently in place to bolster the safety and security of their data.

About WannaCry and Ransomware
Just one day after President Trump’s executive order on cybersecurity risk, hackers encrypted computer files via the WannaCry program and demanded roughly the equivalent of $300 in Bitcoin (increasing over time) to restore user access. Organizations from the U.S. to Taiwan were impacted, with notable targets including the Russian Foreign Ministry, logistics carrier FedEx and Britain’s National Health System.

Ransomware is a type of malware that targets critical data and information systems for purposes of extortion, preventing users from accessing their data files until a ransom is paid. The software frequently infects computers through spear-phishing—a targeted attack via a malicious link or email attachment. Ransom demands are most often made in the difficult-to-trace virtual currency Bitcoin.

The swift spread of WannaCry slowed for two main reasons: Microsoft took the unusual step of issuing patches for older versions of Windows that it no longer supports, and a British security researcher accidentally discovered a “kill switch,” sparing much of the U.S. However, neither was a fix for systems that were already infected, and hackers could easily create new strains of WannaCry that bypass or ignore the kill switch.

In response to the threat, the FBI issued a FLASH (FBI Liaison Alert System) report with confirmed threat indicators and recommended steps for prevention, remediation, and defending against ransomware generally.

Protect Your Organization
In addition to the FBI’s guidance, we advise retailers to keep the following recommendations in mind:
  • Don’t forget the human element. The WannaCry attack was entirely preventable. It succeeded at infecting computers because users failed to install a months-old patch—in other words, because of human negligence and a lack of awareness. Change user behavior by introducing a training program based on employees’ organizational roles, implementing cyber hygiene best practices (e.g., not opening suspicious emails or attachments) and regularly testing the program’s effectiveness.
  • Implement a risk-based, threat-driven patch management program. Patch management should be a dynamic, risk-based process rather than a check-the-box compliance approach. Organizations must be able to identify system vulnerabilities and relevant patches in a timely manner, understand the degree of risk the vulnerability presents, and work with asset owners to deploy the update.
  • Monitor, monitor, monitor. To be cyber resilient, organizations need to have threat monitoring and analytics tools to detect an attack, as well as the investigative and digital forensics capabilities to understand what went wrong and the scope of the damage. The sooner a cyberattack is detected, the sooner incident response and mitigation strategies can be put into effect. When it comes to ransomware, early detection can make all the difference in salvaging critical data and information systems.
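The monitoring recommendation above is easier to act on with a concrete detection rule. The following is an added example, not code from the BDO alert or the FBI FLASH report: it scores constructed file-activity events the way a lightweight monitoring rule might, raising an alert when a single process renames many distinct files with a changed extension inside a short time window, which is the file-system footprint that mass encryption leaves before a ransom note appears. The event format, process names, the `.locked` suffix and the window/threshold values are all assumptions chosen for illustration.

```python
"""Early-warning heuristic for ransomware-like file activity (added example).

Each constructed event line is tab-separated:
    <ISO timestamp>  <process>  <action>  <path>  [<new path, for renames>]
The rule tracks, per process, the renames whose file extension changed and
alerts once THRESHOLD distinct files were touched within WINDOW seconds.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

WINDOW = timedelta(seconds=60)   # assumption: sliding window length
THRESHOLD = 5                    # assumption: distinct files before alerting

# Constructed sample log. "unknown.exe" rewrites six files in 14 seconds;
# "explorer.exe" does two legitimate renames; "backup.exe" renames five files
# but two minutes apart, which a window-based rule should not flag.
SAMPLE_LINES = [
    "2017-05-12T09:00:01\twinword.exe\twrite\t/share/q1-report.docx",
    "2017-05-12T09:00:05\texplorer.exe\trename\t/share/draft.txt\t/share/draft.md",
    "2017-05-12T09:00:09\texplorer.exe\trename\t/share/notes.txt\t/share/notes.md",
    "2017-05-12T09:02:00\tunknown.exe\trename\t/share/q1-report.docx\t/share/q1-report.docx.locked",
    "2017-05-12T09:02:03\tunknown.exe\trename\t/share/invoices.xlsx\t/share/invoices.xlsx.locked",
    "2017-05-12T09:02:05\tunknown.exe\trename\t/share/customers.csv\t/share/customers.csv.locked",
    "2017-05-12T09:02:08\tunknown.exe\trename\t/share/plan.pptx\t/share/plan.pptx.locked",
    "2017-05-12T09:02:11\tunknown.exe\trename\t/share/contract.pdf\t/share/contract.pdf.locked",
    "2017-05-12T09:02:14\tunknown.exe\trename\t/share/photo.jpg\t/share/photo.jpg.locked",
    "2017-05-12T09:10:00\tbackup.exe\trename\t/backup/a.db\t/backup/a.db.bak",
    "2017-05-12T09:12:00\tbackup.exe\trename\t/backup/b.db\t/backup/b.db.bak",
    "2017-05-12T09:14:00\tbackup.exe\trename\t/backup/c.db\t/backup/c.db.bak",
    "2017-05-12T09:16:00\tbackup.exe\trename\t/backup/d.db\t/backup/d.db.bak",
    "2017-05-12T09:18:00\tbackup.exe\trename\t/backup/e.db\t/backup/e.db.bak",
]


def parse_event(line):
    """Split one event line into (timestamp, process, action, path, new_path)."""
    parts = line.rstrip("\n").split("\t")
    ts = datetime.fromisoformat(parts[0])
    proc, action, path = parts[1], parts[2], parts[3]
    new_path = parts[4] if len(parts) > 4 else None
    return ts, proc, action, path, new_path


def extension_changed(old_path, new_path):
    """True when a rename replaced or appended the file extension."""
    return PurePosixPath(old_path).suffix != PurePosixPath(new_path).suffix


def detect_mass_encryption(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per process that renamed >= threshold distinct files
    with a changed extension inside a sliding window of `window` seconds."""
    recent = defaultdict(deque)   # process -> deque of (timestamp, path)
    alerted = set()
    alerts = []
    for line in lines:
        ts, proc, action, path, new_path = parse_event(line)
        if action != "rename" or new_path is None:
            continue
        if not extension_changed(path, new_path):
            continue
        events = recent[proc]
        events.append((ts, path))
        # Drop events that fell out of the window relative to the newest one.
        while events and ts - events[0][0] > window:
            events.popleft()
        distinct_files = {p for _, p in events}
        if len(distinct_files) >= threshold and proc not in alerted:
            alerted.add(proc)
            alerts.append({
                "process": proc,
                "first_seen": events[0][0].isoformat(),
                "files": len(distinct_files),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_encryption(SAMPLE_LINES):
        print(f"ALERT {alert['process']}: {alert['files']} files rewritten "
              f"starting {alert['first_seen']}")
```

The window matters as much as the count: the same five renames spread over ten minutes (the `backup.exe` lines) produce no alert, while the burst from `unknown.exe` is flagged on its fifth file, before the sixth is touched. In production the alert would feed an incident response playbook (isolate the host, preserve volatile evidence for forensics, verify that backups are unaffected), which is where the early-detection advantage the bullet describes is actually realized.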

Moving Forward
Now more than ever, cybersecurity requires a 360-degree view when evaluating needs. This means taking a look at technology, evolving data privacy laws and cyber risk insurance. Keep in mind that every business is different—each retailer operates independently of the others. Identify your company’s areas of cyber-risk and vulnerability, then develop programs to minimize the impact of an attack.

For more information on FBI-recommended preventative measures and what to do when your preventative measures fall short, check out our latest BDO Cybersecurity alert on the WannaCry attack.