Solid Open Standards IT Systems

Avoiding Malware Disaster
Learn from the 2017 Maersk Malware Disaster
  • USD 300 million estimated cost, and "within 7 minutes most of the damage was done".

  • Their CISO Andrew Powell presented his thoughts about it here,

  • An important article for your technical people is here.

  • Note that an expert who worked on the recovery says that they remain quite vulnerable to similar attacks.

  • You can have convenience or safety. But not both.

  • You can have complexity or safety. But not both.

  • Perhaps consider how closely you want to emulate what happened to Maersk. Because an attack on your systems will inevitably succeed.

  • We glean a lot of information about Windows-threats from our server logs. Attackers push their stuff at our systems as if they were Windows-based ones. Such attempts always fail and all of their actions get recorded.

  • If some of the stuff that we see gets a foothold on your Windows-based systems your day will go downhill very rapidly.
Better Defences
  • Your staff may need to learn new things and move outside their comfort zone. But avoiding that isn't sufficient reason to risk throwing away $millions.

  • There's lots of recommendations in the technical article linked above.

  • That malware affects only Microsoft Windows. As does virtually all malware.

  • Which makes IT diversity a superb defence. Use alternative (non-Microsoft) systems for critical processes wherever feasible.

  • When one global company was hit by ransomware its ERP system was completely unaffected because it runs on Linux-based servers.

  • The systems that we provide are Linux-based, and they're at least as capable, and are simpler, and have better defences. More here.

  • We can support such systems safely remotely. It's something we've been doing routinely for around 20 years. We can even install them safely remotely.
Copyright 2019-2021 : IOPEN Technologies Ltd