Things That Make Me Wannacry
This article originally appeared on the NIST Taking Measure blog. Written by Pat Toth of NIST MEP.
I’m a bit emotional these days. My youngest—my baby—just graduated from high school. It’s the end of an era for our family: The years of homework, packing lunches, attending sporting events, and endless nagging to study for exams are finally over. It’s a bittersweet time as a mom. If I think about it too much, I get a little teary-eyed. I’m so proud of my son—he got into his dream school with a full scholarship!—yet I worry if we’ve taught him everything he needs to know. I’ve been waking up at night, thinking of things I still need to tell him. He assures me, with an eye roll that only a teenager can do, that he knows everything. I just hope we’ve done enough to prepare him.
Kids these days, at least to their parents, seem to have a natural relationship with technology and an intuitive grasp of how it works. At the same time, younger people are also more likely to take risks and act without thinking—things that I, being a “caution giver,” would never do.
So, I wonder if he always takes the time to think before he clicks on links or downloads files—even those that look like they come from me!
As Cybersecurity Program Manager for the NIST Hollings Manufacturing Extension Partnership (MEP), it’s my job to worry about how small manufacturers can protect themselves from cyber threats. By now, you’ve probably heard about the WannaCry ransomware attack that recently spread across the world. WannaCry is a kind of computer virus called a Trojan horse. We call it that because, like the Trojan horse of Greek myth, it hides its malicious payload inside an otherwise innocent-looking package—a file or link from what looks like a trusted source. Designed to infect Windows XP computers, WannaCry will encrypt all the data stored on your computer. To decrypt your files and regain access, the virus requires that you pay $300 in Bitcoin to an anonymous account. If the ransom has not been paid after three days, then it increases to $600. If a week passes without payment, the virus deletes all your files and they cannot be recovered.
While ransomware is not new, this attack has been so widespread that many small-business owners, manufacturers among them, have likely lost some sleep wondering if they’ve done enough to protect their systems. Could a ransomware attack be the end of their business? The integration of physical production and digital technologies has forever transformed the factory floor, but small manufacturers have often failed to protect their investments in these new technologies with a comparable investment in cybersecurity.
It’s vital that small business owners build a robust cybersecurity program that will help protect their employees, customers, and businesses.
Small businesses often see cybersecurity as too difficult or too expensive. And it’s true: There is no easy, one-time solution for cybersecurity. But if viewed as part of your business strategy and regular processes, cybersecurity doesn’t have to be intimidating. While small manufacturers may be more constrained by budgets than larger companies, they need to understand that cybersecurity is not necessarily a huge expense. A basic level of cyber hygiene may be reached very affordably.
Following the five steps of the NIST Cybersecurity Framework can help small manufacturers understand their cyber risks, limit the impact of a cybersecurity event, enable timely discovery, respond properly to a cybersecurity event and get back to normal operations after an incident occurs.
It might be useful for small-business owners to approach cybersecurity like preparing a child to go off to college. Both require a great deal of planning, continuous monitoring, consistent effort and a few sleepless nights. Parents and business owners should remember that, while you can’t predict the future, you can, and should do everything you can to protect yourself and those that depend on you, and give them the tools they need, as best you can, to forge ahead.