Skip to main content

Preparing staff messaging around WannaCrypt/WCry

In the spirit of my ongoing InfoSec openness, here's the messaging I've prepared around our Group's education and call to action around WannaCrypt:

****

Team,

Many of you will have read about last week’s Global cyber attack that caused a number of organisations to be seriously impacted including the National Health Service in the UK and Telefonica in Spain. Over 70 countries were affected in total.

The attack took the form of ‘ransomware’ that caused computer-held files to be made unreadable (encrypted) unless a payment was made to the attackers via the 'Bitcoin' online currency.

Currently we have no reports of any impact to Group services or systems from this attack.

The attack relied upon a combination of malicious software being run, poor IT configuration practices, and the exploit of older, unpatched/out-of-support systems such as Windows XP and 2003.

The Group have a large and complex IT infrastructure that is continually being improved, strengthened and made more secure. The Group Security Team has been working across our brands to ensure this effort gains pace in an ever-increasing threat landscape.

I would ask that each of you please continue your already-brilliant support to the Group’s cyber defences by following these four simple best practices:

  • Be vigilant when opening unsolicited emails, and avoid opening or saving any related attachments unless certain of their trusted origin;
  • Avoid plugging personal or other USB storage devices into Group computer systems unless they have been recently scanned for malware and viruses by using an up-to-date security product;
  • Avoid downloading and running software from the Internet to your workstations unless part of your normal Group role;
  • Immediately report suspicious activity you witness on any computer system that you suspect may be under attack to [internal email address redacted] Unusual activity can include windows appearing and then vanishing spontaneously, the keyboard appearing to type by itself onscreen, or unusual flickering of your computer display.
The Group Security Team [internal email address redacted] are here to support and answer any questions you may have about the attack or any other aspect of security. We are based on the 1st floor of the Southwark, UK office, and I can be reached via Slack (@anders).

Thank you for your time, interest and ongoing support.

--

Best regards,

Anders

***

Photobox Group CISO, Dinis Cruz, has also posted his own advisory to our Group Tech teams.

Labels:

Comments

Post a Comment

Popular posts from this blog

Cultural mugs

One of the main challenges that drew me to Information Security (and management in general) was that of helping to build a working culture that is genuine, sustainable and is aligned to support 'the vision'. I've had the benefit to have learned directly, and from the experiences of past bosses, leaders and mentors how not to approach cultural change initiatives: Knowing what bad change-approaches looks like, usually without any real clarity around what perfect (or even good! ) may be is a useful head-space to occupy. At least in the absence of knowing what to do, knowing what not to do provides a useful reference point. I find that this simple psychological tool helps me to sanity check if I'm falling into those past gotchas and traps as shared with me by the wise few who've been there, seen it, burnt that bridge, picked themselves up and started all over. Haven't we all? The challenge of raising Information Security awareness through driving a work
Post a Comment
Read more

Introducing the Conosco Security Division

One thing you’ll notice is that I quite like to blog about what I’m up to at Conosco. As the CEO for a private company, this may be somewhat unusual, and it would certainly make other company Boards nervous.  Thankfully not ours.  We believe that being ‘open’ betters the understanding among our staff, future employees, clients and prospects of what Conosco does, how we do it, and what we strive for. It also follows an ethos that I believe has helped mature the Information Security community – sharing knowledge that adds insight and value to its members. This approach has allowed the Information Security community to build strong bonds,  improve its members’ collective defences and lower the barrier to knowledge proliferation as a result. Conosco has a new and niche security offering for the SME market that has benefitted from such open thought, opinion sharing and an honest approach to solving our clients’ genuine security needs. The new Conosco Security Division provides
Post a Comment
Read more

A SOC is cooking - with a sprinkle of Machine Learning and SRE

This week sees the start of an exciting new chapter in our ever-maturing InfoSec story, with our Group Security team forming a new Security Operations Centre (SOC). It has been founded using key staff from our existing Network Information Security (NIS) and AppSec analyst capabilities and I believe we are taking an interesting approach to the its creation that sees us using our ASV ( Surecloud ) as our first internal SOC client: The rationale is simple - Surecloud's consultants are tasked with poking and probing our applications, network and supporting infrastructure (all BAU as part of our PCI-DSS routines), and our SOC is challenged to be able to report back to the testers what it is they did. To achieve this the new SOC team has been empowered (provided time, creative freedom, engineering resource access and budget) to architect whichever technical solution(s) they require to be gain the required insight, and so a Red/Blue team dynamic is born between 'them' a
Post a Comment
Read more