Following up on the global cyber attack story, Ilia Kolochenko, CEO of High-Tech Bridge, has a number of additional thoughts which you may consider for any story:
"This incident exposes how a two-month-old vulnerability can cause global panic and paralyze the largest companies and governmental institutions on all continents. Worse, cybercriminals could have easily released this worm just after the NSA's 0day was leaked two months ago, and this would have led to much more destructive consequences.
There is nothing new in this particular attack, and the main cause of the epidemic is our failure to adhere to cybersecurity fundamentals.
Many companies were infected because they failed to maintain a comprehensive inventory of their digital assets, and just forgot to patch some of their systems. Others omitted or unreasonably delayed security patches. Last but not least, the malware's capacity to self-propagate leveraged the lack of segregation and access control within corporate networks.
It would be unreasonable and inappropriate to blame the NSA for any significant contribution to this attack. Similar 0days are bought and sold almost every day, and many other organizations participate in these auctions; virtually anyone can (un)intentionally leak an exploit and cause similar damage. The real problem is that in 2017, the largest companies and governments still fail to patch publicly disclosed flaws for months. Practically speaking, the NSA doesn't really need a 0day to get their data; their negligence "invites" attackers to get in.
Companies and organizations that have fallen victim to this attack can consider contacting their legal departments to evaluate whether their IT contractors can be held liable for negligence and breach of duty. Failure to update production systems for over two months can certainly qualify at least as carelessness in many jurisdictions."
Also, if you want to take the ransomware angle, Paul Barber from managed service provider IT Specialists commented:
“It is appalling that our health service would be targeted, but we must focus on employee education and insist on vigilance at all times, especially as it seems that this is a ransomware attack. Of course, updating all software to the latest patched versions, installing and updating your AV, and having robust security solutions will help, but the most important thing is to ensure daily offsite backups are in place to protect business data. These steps will guard against other malware and non-malicious incidents.
Email continues to be the most common way to be infected by ransomware, which highlights the critical need for employee education. The lack of this education is manna from heaven for cybercriminals, who can click and send mass emails to generate profit, as they calculate that at least some of the emails will be opened.
While public sector bodies have a civil duty to share the devastating effects of a cyber-attack, we think this news of attacks is just the tip of the iceberg, and many go unreported, especially within the SME community.
Government offices will have IT teams and funding to restore information, even if it was not backed up adequately. However, we believe that the greater threat lies with the small businesses that have installed an anti-virus and believe they have adequate protection.”