In the last several days, a large-scale cyberattack utilizing a powerful strain of malware commonly known as “WannaCry” took advantage of a flaw in the operating system of Windows-based computers. WannaCry is a version of ransomware (and variations of it are now being released) that takes advantage of a specific Microsoft Windows flaw discovered earlier this year.
Bad now, and about to get worse?
Although Microsoft released a patch to fix the vulnerability, the widespread attack highlights the fact that many businesses (or individuals) either did not heed the warnings or delayed installation of the patch. As a result, more than 200,000 computers in 150 countries have reportedly been affected by the first wave of the attack. Security researchers believe this is only the start and that subsequent, more virulent versions will be released imminently. In fact, some new versions are already being reported.
Getting ahead of the threat – or repairing what’s broken
What can organizations do to get ahead of the next incident or mitigate their risk if they have already been impacted? As detailed in the attached Client Alert, this widespread attack reinforces the importance of an integrated, holistic approach across people, capital and technology by:
- Emphasizing the significance of data back-ups, timely patch updates and current antivirus signatures
- Underscoring the role that employees play in helping their organizations thwart or mitigate the impact of a cyberattack
- Allocating adequate capital to cyberinsurance.
Learn more about comprehensive cybersecurity from Willis Towers Watson.