WannaCry, BA and lessons to learn

The events of recent weeks have again highlighted the incredible impact on businesses of all types of attack on the IT and communications systems. It is clear that many UK and world-wide organisations were very badly affected by the WannaCry attack and, more recently, BA’s power supply problems led to major disruption for many people. Some might argue the BA problem was not a cyber attack and strictly speaking that is correct but one of the basic tenets of security is availability – that clearly was the problem and so it is not unreasonable to include it in a discussion of cyber attacks.

So what can we glean and learn from these two incidents?

Firstly, and perhaps by far the most important lesson, is to understand that cyber security is now one of the most critical areas for any business. Both these incidents caused major disruption and had a huge impact – not only on the organisations affected (although that effect alone was very severe) but more importantly and principally on their customers, clients and patients – what might be called collateral damage. If Senior Management Board members need any further convincing that they should be concerned about cyber security, they should not be running any organisation!

The second lesson from the WannaCry attack was the critical importance of off-line backups – a topic covered in previous posts. Yet again the ease with which the attack was dealt with was almost entirely down to the easy availability of comprehensive off-line backups. Some are talking about this attack also teaching the lesson about training staff and users to be more aware of this type of ransomware, but it it is far from clear that there was any real user involvement in the attack. It seems it was spread by the worm-type virus that used a protocol that was on by default and yet not used any more.

Perhaps the third lesson from both attacks was the need for systems to have controls that are agile and effective. Once again this is a topic covered previously but it is clear that many organisations were attacked by the WannaCry software but were able to close down the attack very quickly because they were monitoring their systems effectively. They also had good controls in place that could quickly be reconfigured to address this attack – a critical element in future-proofing the controls used. We have little or no idea where the criminals that launch these types of attack are going to go next (although it is reasonably clear that BA was a self-inflicted incident rather than from any external body). Therefore it is vital that the controls used to protect systems are monitored and then prompt action is taken when something untoward is seen. This is what is meant by agile controls. The time taken to react to an event is critical although there are different time requirements for different controls.

Perhaps the final lesson is that the maturity of the controls reflects their agility as again has been mentioned in other posts. Service management, in the form of ITIL, COBIT5, ISO20000 or similar, is the only way the security controls can be managed effectively at maturity levels 4 and 5, the levels that are required in order to combat effectively all types of attack likely to hit an ICT system. It is therefore essential that service management and security teams work together very closely and in harmony if any organisation is to maintain their cyber security controls effectively. Further, it is virtually impossible to get to these high levels of maturity in cyber security without effective service management.

As for BA, perhaps the full story will emerge eventually and that will throw a different light on it from the incompetent technician that is currently being expressed. Power supplies are a critical part of any system and it is clear that there should have been back-up supplies, fail-safe systems, well-established procedures and much more that should have prevented or at least minimised the impact of this event. Share prices for major companies are now a powerful driver and the effect of a major disruption like this was evident. A change to the way the power supply is monitored and managed is likely to be the least of the changes brought about by this incident.

About Author: Andy Taylor

Leave a Reply

Your email address will not be published. Required fields are marked *