► Actions can help protect from further cyber attacks by WannaCry and other ransomware
In light of recent cyber attacks focused on global organizations through ransomware, EY is urging organizations worldwide to take immediate action and engage effective response measures to mitigate the effect of these attacks and help protect themselves against future attacks.
Petr Plecháček, Senior Manager of IT Advisory, EY Czech Republic, cautions: “The recent wave of cyberattacks is proof that cyber criminals are becoming more aggressive and using highly advanced tools to simultaneously target all kinds of interconnected organizations across the globe. The small number of attacks in the Czech Republic should not make us complacent. When we carry out security system and support infrastructure reviews, we often identify vulnerabilities like those that added to the massive impact of the recent virus. Attackers generally count on inadequate system security and rely on the inaction that comes from a lack of preparedness. Whether you are a Fortune 500 company or a family-owned business, your risk of attack increases significantly if you fail to take computer security seriously.”
The risk of being attacked increases exponentially when preventative measures are not taken. Failure to take incident response equally seriously can mean the difference between hours and days versus weeks and months of system compromise and outage. There are six actions organizations can take now to help protect their systems, their most valuable assets and their customers, while mitigating against potential damage from emerging threats:
Tomáš Kafka, Partner of Fraud Investigation and Dispute Services, EY Czech Republic, adds:“Malware outbreaks such as WannaCry require companies to respond in a comprehensive and defensible manner. Even after the data is restored, companies sometimes face allegations that sensitive personnel-related or other business information had been compromised in the ransomware attack. Third parties and other stakeholders may require the company to demonstrate forensically that, even if the data was accessed, it was not stolen.”