KUALA LUMPUR (May 16): EY urges organisations worldwide to take steps to up their cybersecurity defence as hundreds of thousands of computers across the globe were hit in a massive ransomware attack last week.
"The recent wave of cyber attacks reinforces the need that more needs to be done in cybersecurity. Many companies are complacent and don't take cybersecurity seriously enough until they experience an incident. In fact, many organisations do not believe they are at risk of a serious cyber attack.
"Today's cyber criminals are becoming increasingly aggressive and sophisticated. EY is closely monitoring the attacks and we urge everyone to take steps that can help keep critical systems and data safe," said Ernst & Young Advisory Services Sdn Bhd partner who focuses on cybersecurity, Jason Yuen, in a statement today.
As news continue to spread of WannaCry, the vicious strain of malware responsible for the attack on over 200,000 computers and counting in over 150 countries since Friday, EY stressed that the risk of being attacked increases "exponentially" when preventative measures are not taken.
"Failure to take incident response equally seriously can mean the difference between hours and days versus weeks and months of system compromise and outage," said EY.
"Malware outbreaks such as WannaCry require companies to respond in a comprehensive and defensible manner. Even after the data is restored, companies sometimes face allegations that sensitive personnel-related or other business information had been compromised in the ransomware attack," EY's Malaysia Fraud Investigation and Dispute Services leader Joyce Lim, said.
"Third parties and other stakeholders may require the company to demonstrate forensically that, even if the data was persevered and accessed, it was not stolen. Companies also have to demonstrate the ability to detect and respond to future attacks," she added.
As such, EY recommended six steps organisations can immediately take to mitigate damages in the wake of an attack:
- Disconnect infected machines from the network and take all backups offline because they could also become encrypted if left connected to the network.
- Activate your incident response plan and don't treat the investigation as merely an IT issue or exercise. Ensure there is cross-functional representation in the investigation team, including legal, compliance, information security, business, public relations, human resources and other departments.
- Identify and address vulnerabilities in your connected ecosystem; sufficiently install security updates, malware detection and anti-virus detection to complicate attackers' efforts to get back in; enhance detection and response capabilities for future attacks; and prepare for eradication events.
- Ensure your systems are patched before powering up PCs. Keep systems up to date with a robust enterprise-level patch and vulnerability management program. This should include a formal, repeatable life cycle to manage vulnerabilities based on risks as they evolve, and a comprehensive asset model that focuses on the exposure of assets to these risks, including any connectivity to other assets.
- Activate business continuity plans. Prepare data based on varying requirements for regulatory reporting, insurance claim and dispute, litigation, threat intelligence and/or customer notification.
- Collect and preserve evidence in a forensically sound manner so that it is conducive to investigation, and reliable and usable in civil or regulatory matters.