By Simon Clayton, chief ideas officer, RefTech
The recent ransomware attack that disrupted the NHS, Deutsche Bahn, FedEx and others should act as a wake-up call to company directors everywhere. It shows that the importance of IT has grown steadily over the last 20 years and that the survival of every company of any size now depends on its IT system.
Knock out the IT system, especially the data it contains, and the company falls over.
Imagine what would happen if a conference company’s computer network suffered a catastrophic failure or if a major convention centre had been the victim of the ransomware attack.
Suddenly, nobody has any information on which shows are coming in over the next few days, what has been ordered, even how much they’ve been quoted.
Yet how many directors understand how vulnerable their companies are? The problem is that it’s an area many directors don’t understand, so they haven’t thought it important enough to consider. Most board meetings include a review of management accounts. How many include a review of IT security?
It isn’t enough to say that it’s a techie thing so somebody else looks after it. Issuing invoices and chasing payments is a numbers thing, but it’s a reasonable bet that the directors know how up to date their invoices are and how long customers are taking to pay. The same level of knowledge is needed on the IT side of any business.
In some cases, somebody within a company will have been told they’re responsible for the IT system. But there’s a world of difference between saying that and making sure the person chosen has the knowledge, budget and time to do the job properly.
The danger is that some directors will have read that the ransomware attack only affected systems running Windows XP. They may think they’re safe because they moved on to a later operating system years ago. But all Windows operating systems are vulnerable unless they have had the update installed. The point about XP was that there was no update for it until recently.
The ransomware attack is also only the most recent catastrophe. Even multinationals like Facebook and Google have fallen for fake invoice scams and it’s not just the multinationals that are targets. There’s a particular scam that affects small companies: an email comes in from the managing director asking the accounts department to pay a supplier urgently. The bank details are provided. The email looks right so the payment is made. But the email didn’t come from the MD. Criminals can make emails appear to come from wherever they like.
The problems aren’t restricted to incoming material. Recently, customers of a British company were scammed by somebody who had been sacked from the call centre that held all of the customers’ details. He had free access to all the information he needed to scam the customers because all the call centre workers used the same login details, so there was no way to lock a sacked worker out of the systems.
Unfortunately, the great ransomware crisis of 2017 will soon be history: directors will shove their heads back in the sand until the next crisis. Let’s hope it doesn’t affect their company.