Skip to main content

Preparing staff messaging around WannaCrypt/WCry

In the spirit of my ongoing InfoSec openness, here's the messaging I've prepared around our Group's education and call to action around WannaCrypt:

****

Team,

Many of you will have read about last week’s Global cyber attack that caused a number of organisations to be seriously impacted including the National Health Service in the UK and Telefonica in Spain. Over 70 countries were affected in total.

The attack took the form of ‘ransomware’ that caused computer-held files to be made unreadable (encrypted) unless a payment was made to the attackers via the 'Bitcoin' online currency.

Currently we have no reports of any impact to Group services or systems from this attack.

The attack relied upon a combination of malicious software being run, poor IT configuration practices, and the exploit of older, unpatched/out-of-support systems such as Windows XP and 2003.

The Group have a large and complex IT infrastructure that is continually being improved, strengthened and made more secure. The Group Security Team has been working across our brands to ensure this effort gains pace in an ever-increasing threat landscape.

I would ask that each of you please continue your already-brilliant support to the Group’s cyber defences by following these four simple best practices:

  • Be vigilant when opening unsolicited emails, and avoid opening or saving any related attachments unless certain of their trusted origin;
  • Avoid plugging personal or other USB storage devices into Group computer systems unless they have been recently scanned for malware and viruses by using an up-to-date security product;
  • Avoid downloading and running software from the Internet to your workstations unless part of your normal Group role;
  • Immediately report suspicious activity you witness on any computer system that you suspect may be under attack to [internal email address redacted] Unusual activity can include windows appearing and then vanishing spontaneously, the keyboard appearing to type by itself onscreen, or unusual flickering of your computer display.
The Group Security Team [internal email address redacted] are here to support and answer any questions you may have about the attack or any other aspect of security. We are based on the 1st floor of the Southwark, UK office, and I can be reached via Slack (@anders).

Thank you for your time, interest and ongoing support.

--

Best regards,

Anders

***

Photobox Group CISO, Dinis Cruz, has also posted his own advisory to our Group Tech teams.

Comments

Popular posts from this blog

Designing a GDPR-compliant consent workflow for eCommerce

It's been quite a journey for me, to date, as I find my way along the twisty path that is understanding GDPR.

Through attempting to better understand what 'compliance' for the Photobox Group looks like, and in a renewed attempt to better understand its likely impact upon us, something I've found hard to find are good examples of 'GDPR compliant' user interfaces for eCommerce around the provision of user consent.

Ultimately we need to ensure that for each and every GDPR-relevant interaction our brands have with our customer's data, we have their appropriate consent.

The question is, how granular the explicit Opt-In requirements need to be?

The ICO does a good job of publishing high-level 'consent guidelines' as below:
Explicit consent requires a very clear and specific statement of consent. Keep your consent requests separate from other terms and conditions.Be specific and granular. Vague or blanket consent is not enough.Name any third parties who wi…

My first month as a CEO...in numbers

It's been a busy few months as I moved from a wonderful few years spent with the Photobox Group to becoming Chief Executive for Conosco.

Playing to my 'purple' nature, here are some simple numbers to tell the tale of my first month as a CEO:
1 - organisational restructure0 - resulting redundancies4 - new members appointed to a newly-created Leadership Team spanning the UK and South Africa1 - tailored leadership skills course completed by the new Leadership Team20 - minutes that each leadership team member was asked by me to spend completing a self-analysis questionnaire~0 - the number of cynics asked to engage with the exercise1 professional lifetime - the time that the positive impact the individual questionnaire results that were presented to them will last on each of them (ask them, they agree.)62 minutes - the time it took us to escape from 'Escape Rooms' in London32 - the floor we ate lunch at in the Shard where we celebrated our offsite as a new Leadership te…

A SOC is cooking - with a sprinkle of Machine Learning and SRE

This week sees the start of an exciting new chapter in our ever-maturing InfoSec story, with our Group Security team forming a new Security Operations Centre (SOC).

It has been founded using key staff from our existing Network Information Security (NIS) and AppSec analyst capabilities and I believe we are taking an interesting approach to the its creation that sees us using our ASV (Surecloud) as our first internal SOC client:

The rationale is simple - Surecloud's consultants are tasked with poking and probing our applications, network and supporting infrastructure (all BAU as part of our PCI-DSS routines), and our SOC is challenged to be able to report back to the testers what it is they did.

To achieve this the new SOC team has been empowered (provided time, creative freedom, engineering resource access and budget) to architect whichever technical solution(s) they require to be gain the required insight, and so a Red/Blue team dynamic is born between 'them' and the '…