Wanna Cry? Here’s a Tissue (and Some Resources)
The WannaCry ransomware attack, which began on Friday, May 12, managed to infect upward of a quarter-million computers in over 150 countries, with major organizations such as Britain’s National Health Service falling victim.
Security professionals quickly identified the way in which WannaCry spread—an operating system patch released mid-March intended to shore-up an existing vulnerability had not yet been applied by many organizations.
Those infected by WannaCry found their files encrypted, with ransom demands falling between $300 and $600. This particularly nasty malware also carries what pros refer to as a “transport mechanism,” which in plain English means that it automatically spreads itself across a network hosting an infected computer.
Fortunately, a web security research discovered a “kill switch” for WannaCry (again, plain English, figured out how to shut down the software, in turning stopping the spread of the ransomware). The downside is that new versions of the program have been discovered that have no known kill switch.
For the apartment housing industry and its service providers, who regularly collect, use and maintain sensitive and financial and personal about residents, prospective residents and employees, the need to stay vigilant in the safeguarding of data remains a critical business exercise.
Because ours is an industry whose data can be quantified as “extremely valuable,” NAA maintains a watchful eye on industry best practices, and new threats like WannaCry and others remind us that the greatest question we should all be asking is: “Do I know what I don’t know?”
A great follow-up is: “Now that I know, what’s to be done?”
Our most recent article on the matter, “Overcoming Your Insecurity” from the April issue of units, offers valuable pointers for cybersecurity, including bulleted steps to take to shore up vulnerabilities. NAA and NMHC last year also released an in-depth analysis of cyber risk facing the industry and a clear roadmap on how to implement related best practices. Read the executive summary of "Multifamily and Cyberscurity: The Threat Landscape and Best Practices;" NAA members can view the full white paper and accompanying webinar (log-in required.) Not a member? Find your affiliate start taking advantage of member benefits today.
NAA also invites you to peruse the following resources to help inform your cybersecurity decision-making:
Frank Santini, Supervisory Special Agent for the Federal Bureau of Investigation and Jeremy Rasmussen, Director of Security at Abacode, will help organizational leaders understand cybercrime management best practices in several areas, including advanced persistent threats, threat intelligence, phishing and unified threat management to prevent your company from making tomorrow’s front page.