Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

How having too many end-points holding sensitive data helped WannaCry

How having too many end-points holding sensitive data helped WannaCry 

Brett Hansen, vice president of endpoint data security and management at Dell, provides useful security advice on this episode of the Vitamin C podcast…

Before the ransomware WannaCry brought scores of IT and security administrators to their knees this past week, Dell Technologies had released a survey of 2,608 people who handle confidential data as part of their job. Disturbingly, the results of the Dell End-User Security Survey revealed that more than one in three or 36 per cent of employees will frequently open emails at work from unknown senders – a practice which almost every cybersecurity firm will tell you opens up an organization to ransomware attacks.

Related content




One of the most shocking findings of that survey is that one in three employees admitted it’s quite common to take corporate information with them when leaving a company. That a reality which proved problematic for Facebook and Uber – two companies that were sued because executives at their subsidiary companies (Oculus Rift and Otto, respectively) stole trade secrets from their employer on their way out.

But that’s something for another story.

To avoid getting hit by ransomware, companies have to make sure their systems are using up-to-date applications.

“Dell highly recommends customers immediately download the patch applicable to their system that Microsoft has issued for this vulnerability, in addition to following Microsoft’s published guidance,” said David Konetski, vice-president and Dell fellow, client solution office of the CTO.

Konetski said Dell Technologies has a number of solutions across its entire security portfolio –including solutions from Dell, Dell EMC, RSA and SecureWorks that can help customers prevent such attacks from occurring.

“The key takeaway is that if your company’s data has value and you need it to run your business, then it’s vulnerable to attack,” said Alan Daines, chief information security officer at Dell. “One of the main reasons why ransomware attacks are successful is due to the number of employees who have data resting on their endpoint and the cyber-literacy of these employees.”

The cost of a ransomware attack on organizations could be pretty heavy.

According to reports cybercriminals using WannaCry demand $300, payable in Bitcoins, in exchange for unlocking the data of their victims.

That could be costly if you happen to be a business with more than 1,000 computers in your network. And again, you are dealing with cybercriminals. There’s no telling when they will come knocking on your door again.

So what can companies do to protect themselves?

Daines has the following recommendations:

  • Educate employees about their role in security and encourage employees to think before they act. Employees should be wary of communications are either unsolicited, or that implore you to act immediately or ask for personal information. That urgent email from your bank asking you to click to verify your information may not be from your bank. When it doubt, don’t click on the link or open the attachment.
  • Have robust security solutions in place to protect critical data and prevent threats from taking place. This includes advanced threat prevention to help stop the threats, data encryption so that even if someone obtains your data it can’t be used. Deploy back-up and recovery solutions to get up and running again if a breach occurs.
  • Keep the security solutions that you do have in place updated and deploy all patches promptly. This attack occurred because of a vulnerability in Windows for which Microsoft released a patch back in March. While many organizations do not have security specialists on staff or limited budgets, every organization needs to prioritize software maintenance as well as the deployment of patches in order to reduce the areas of vulnerability.

And lastly, organizations need to have a backup plan, said Daines.

“In the event, things go wrong, organizations must have robust data recovery solutions in place to be able to meet any application recovery time objectives set forth by the business,” the security expert said. “This could be the difference between companies that bounce back quickly in the event of a catastrophe and those that don’t.”

Related posts