The Wannacry virus is just the tip of the iceberg

Mark Freidin

19th May 2017

As of 15 May, 200,000 systems in more than 150 countries were infected by the Wannacry ransomware virus. Banks, government agencies and particularly hospitals were affected.

Ransomware is software that is maliciously installed on a computer system effectively locking out the user until a ransom is paid, most often in Bitcoins.

Wannacry is a trojan virus created from an exploit called EternalBlue, which the National Security Agency in the US discovered and kept secret for its own intelligence purposes. But then it fell into the hands of rogues.

Security experts have compared the breach with the theft of Tomahawk cruise missiles and highlighted the possibility of rogue nations or terrorists bringing economies to a halt through cyber vandalism.

You might be thinking, I’m a small to medium omnichannel retailer, so this kind of thing won’t affect me, right? Wrong!

If you are running Windows 8, Win Xp or Server 2003, you are particularly vulnerable, and not only to the Wannacry trojan, but also to a plethora of other trojans and cyber attacks.

But that’s not to say you are completely safe with Windows 10 either. Data theft or insider and privilege misuse is another form of cyber attack.

Did you know a disgruntled employee can plug in a USB, steal confidential data and sell or publish it? It’s not very high tech, but it’s data theft. And if someone’s privacy has been invaded, you could be subject to legal action.

How to protect yourself from hacks and litigation

Charles Gordon of Profcover, an expert in cyber liability insurance, highlights that just as professional indemnity and public liability insurance are standard covers for businesses, cyber liability insurance is now an absolute requirement.

Especially when you consider the recent changes made to mandatory data notification laws, requiring any businesses with a turnover exceeding $3 million to officially report security breaches to the Australian Privacy and Information Commissioner.

This means it’s harder for businesses to keep exposures under wraps, and puts them at much greater risk of litigation.

“For small to medium businesses, the cost of employing ‘ethical hackers’ to find vulnerabilities in their systems is often just not an affordable option.

“The best way a business of this size can protect itself is to ensure they have software patches, virus and malware scanners on computers are up to date and to use common sense.

“Inform your staff to think about links they click on or files they open in emails or files they open from external USB or hard drives.

“Finally have cyber liability insurance in place. This insurance provides cover in reputation protection, legal cover, point of sale card not present purchases, cyber extortion, cyber espionage, denial of service and other covers for risks you probably haven’t even considered,” Gordon said.

A few years ago, I worked for a retailer that learned their website had likely been hacked. The payment gateway provider identified a pattern that showed that cards used to buy goods on the retailer’s site were also being used illegally to make purchases elsewhere.

The retailer was baffled, as they weren’t storing card details. It turned out that a script had been inserted at the point the card was submitted to the payment gateway, which pulled the buyer’s details and card details into a csv file that was being cleared every few days.

At the time, the retailer had no legal obligation to inform the Privacy Commissioner about the data breach, and did not inform customers that their personal information, including financial information, had been stolen.

This has changed with this new legislation.

Almost all businesses are connected online. But since cyber attacks are not a physically visible risk, little attention is given to this increasingly vulnerable part of companies, which can bring a business to its knees.

Mark Freidin is the co-founder of Internet Retailing and writes a weekly opinion column about the e-commerce industry. 

Have a burning question or idea you want to share? Email Mark at iretnews <@> octomedia.com.au.