The year 2017 will probably be remembered as the year when the threat of ransomware finally came to the attention of the public. On Friday, 12 May, the WannaCry ransomware attack started, hitting over 75,000 systems in 99 countries in just one day. Every system got the same message – their data was encrypted, and they had to pay $300 in Bitcoin if they wanted their data decrypted.
Some of the systems hit by the ransomware attack belonged to the NHS, the UK’s healthcare system. Even though reports said that the attackers earned as little as $20,000 on the first day of the attack, the very fact that the attack caused delays of medical procedures in one of the world’s most developed countries cemented WannaCry, and ransomware in general, as the number one tech security concern.
What Is Ransomware?
Ransomware is a type of malicious software much like a regular computer virus. It spreads in the same way – an infected email attachment is opened and it infects a system. What happens next depends on how sophisticated the ransomware is, but in general, users are in some way prevented from using their computers and asked for a ransom – a sum of money they need to pay to the person or group who sent out the ransomware. And while the most basic forms of ransomware attacks are easy to disable, the advanced attacks, the ones that use advanced encryption, are much harder to handle.
The very first recorded ransomware attack happened in 1989, and it targeted healthcare just like WannaCry did. Ransomware started being a menace by the middle of the 2000s, and by 2015, it had become a real threat. One of the most notorious attack campaigns, carried out by the CryptoLocker ransomware, infected around a quarter of a million systems and earned its creators at least 1,216 bitcoins.
What Makes a System Susceptible to Ransomware Attacks?
Businesses today are more aware of the threats of cybercrime, and so are the people they employ. It’s not that hard to get an antivirus program, and it’s just as easy to teach employees how to recognize threats. But while just saying “no” to opening sketchy email attachments is easy, it won’t help with all types of ransomware.
WannaCry also stood out because it didn’t need users to act in any way for their systems to get infected. The WannaCry worm traveled completely freely between different systems, exploiting a flaw in Microsoft Windows operating systems. The flaw was acknowledged and patches were sent out to fix it two months before WannaCry attacked. The attack could have been prevented by the timely download of the patch, and those who didn’t do it were left vulnerable. In other words, it could have been prevented by ITSM.
What Is ITSM?
ITSM stands for IT service management, and it’s best explained as a system of practices, activities, and processes that providers of IT services implement in order to operate and manage the services they offer to their customers. ITSM is a customer-oriented framework developed to bridge the gap between IT professionals – people with extensive knowledge of information technology – and their customers, who don’t necessarily have the same degree of knowledge and experience with IT.
IT service management is ultimately concerned with the value IT service providers deliver to their customers. While different frameworks are developed to meet specific customers’ needs, the one thing they all have in common is that they are in place to make sure that the client receives the service they paid for. And security plays a large part in it.
How Does ITSM Help?
Some of the ITSM processes that are commonly employed by IT security teams include IT security management, disaster recovery, and availability management. IT security teams who follow these processes will follow the best practices for implementing security methods, as well as the best ways to handle the aftermath of an attack and to ensure that the necessary security services and personnel are available when they’re needed.
Security procedures and practices are not the only line of defense against ransomware offered by ITSM. ITSM frameworks contain best practices and recommendations for an array of security-critical activities. For example, knowledge management can prompt IT service providers to stay on top of the latest ransomware strains. The Service Desk allows IT service providers to receive notice when a security event happens. Change management is a set of guidelines on how to efficiently upgrade systems. And to help prevent attacks like WannaCry, there is patch management: the guidelines for timely implementation of patches.
The threat of ransomware is rising. Companies that provide IT services have an increased responsibility to ensure that they have the proper security measures to prevent as many ransomware attacks as possible and to offer quick recovery after the attacks that couldn’t be prevented. While those measures might take the form of security software, good procedures for threat events and guidelines to ensure system health and integrity are equally important. And ITSM provides those procedures and guidelines.