In a recent report by the American International Group (AIG), experts were asked a broad but valid question: “Is cyber risk systemic?” Looking at recent events, AIG indicated that cyber risk is in fact systemic, predicting an event much like “WannaCry,” the global ransomware attack that took the world by storm earlier this month. An article on MedPage Today takes a closer look at the report.
AIG predicted in its report that simultaneous attacks on multiple organizations are likely to occur this year, a prediction that, based on recent events, is likely to come true. WannaCry ransomware infected “hundreds of thousands” of computers across the world by exploiting vulnerabilities in Microsoft Windows, making the United Kingdom’s National Health Service a major target. This massive ransomware attack is a serious reminder that cybersecurity needs to be a top priority for organizations moving forward.
‘WannaCry’ — forced appointments and operations to be cancelled, hospitals to disconnect from email, IT systems to be shut off, and some facilities to turn patients away.”
The AIG survey polled professionals in cybersecurity, technology and insurance in the United States, United Kingdom and Continental Europe.
- Over 50% of respondents believed a simultaneous attack on 5-10 companies is highly likely to occur in the next year
- Over one-third of respondents believed the risk of a simultaneous attack on up to 50 companies is greater than 50%
- Some respondents believed a simultaneous attack could occur on up to 100 companies
- The healthcare industry ranked number 4 in the top 5 list of industries most vulnerable to cyberattacks
If WannaCry is any indication, it looks like experts got it right.
“According to media reports, as many as 40 organizations around the world were affected by the ransomware, and many of those are huge umbrella organizations for a number of others, such as NHS of England and Scotland and state governments in India.”
The aftermath of WannaCry
Following the attack, the NHS has spent a great deal of time and effort assisting those individuals who were affected by the ransomware, including patients.
“NHS also produced guidance for its organizations, which includes an explanation of patches and a technical guide to protect against cyberattacks, responses to FAQs about the attack, technical guidance on reconnecting to networks after the precautionary disconnection, and a confirmation that it is now safe to connect.”
It also appears that the unfortunate attack suffered by NHS facilities could have been avoided. NHS Digital released an update in late April, which included a patch that would have protected the system from the vulnerabilities exploited by the ransomware attack.