WannaCry or WannaCrypt is a ransomware that hit hundreds of thousands of computers in one hundred and fifty countries in an unprecedented scale according to the Europol. The ransomware strain is called «Wana Decrypt0r» which asks $300 from victims to decrypt their computer files. If this amount is not paid in 3 days, the ransom goes up to $600. If the $600 is not paid within a week, the ransomware threatens to delete all encrypted files. While some have paid the $300, others have installed emergency patches issued by leading technology companies to disable this security threat. According to IDC, organizations around the globe spent a collective $73.7 billion last year on cybersecurity. IDC research also forecasts worldwide revenues for security-related hardware, software, and services will grow to $101.6 billion in 2020. What is surprising however, that in the recent years, Saudi Arabia has a regular target for cyber-attacks. Cybersecurity is a growing concern across organizations around the world and this was even discussed at the World Economic Forum's annual summit in Davos this year, where it was highlighted that cybersecurity is at the top of the list of business risks across different sectors. Average annual losses to companies worldwide from cyberattacks now exceed $7.7 million per organization, according to the Ponemon Institute. What is obvious now is the fact organizations must take drastic measures to improve on its security and the measures it takes to the potential hazards that a weak cyber risk assessment framework presents. The WannaCry attack, for example, was designed to exploit vulnerabilities in outdated and unsupported operating systems such as Windows XP. Additionally, Businesses must start evaluating their own internal cyber risk assessment frameworks and invest in a robust strategy that mitigates plausible threats. This would include having robust disaster recovery and continuity plans in place and supporting data and system backups to allow quick recovery, if needed. Wayne Loveless of Booz Allen Hamilton explained that with our daily live becoming more and more digital as we progress, the threats will continue to grow parallel to the growth in technology. He also added that the dependence of modern societies on the digital infrastructure that powers our homes, enables rapid financial transactions, and drives global commerce has created a new and open battlefield, where criminal organizations, nation states, and hacktivists all have the ability to wreak havoc. Cyber attacks are always on the rise and without proper measurements, or with cheap solutions, the person or the organization will likely end up with loses that could have been avoided, after all the discovery of malware happens after it has already been deployed. WannaCry, like any malware, requires human interaction before it can take effect, hence, education, training, and awareness, along with security technologies and sound risk management measures and practices, are the key to protecting and possibly preventing these exploits in the future. — SG
