The Morris Worm goes down in history as the first worm in existence. This self-replicating computer program was written by Robert Tappan Morris, a student at Cornell University, and released from MIT on November 2, 1988. According to Morris, the intention of the program was to gauge the size of the internet, but it unintentionally caused a Denial of Service (DoS) for nearly 10% of the 60,000 machines connected to the internet at the time.
The program caused a bit of a stir, resulting in a Supreme Court case. The United States v. Morris (1991) case resulted in Morris being convicted under the 1986 Computer Fraud and Abuse Act, with Morris receiving a sentence of three years in prison, 400 hours of community service and a $10,000 fine.
As an SMB Owner, what does this mean for me?
The Morris worm was the first self-replicating malicious software witnessed online. Since then there have been dozens of similar events that cost millions and sometimes billions of dollars in damages. As a business owner, make sure your company’s cybersecurity program includes the following protections:
- Train your employees. Have a robust awareness program in place that teaches them how to spot and avoid email-based phishing attacks, social engineering, and many other modern hacker attack methods.
- Govern your employees with policies on Information Handling, Acceptable Use of Computers, and Passwords at a minimum.
- Have a Risk Assessment performed on your company to understand the potential threats and vulnerabilities you face. Then, once you decide on a budget, create a remediation plan to begin reducing your risks to an acceptable level.
- Test your employees with Phishing attacks at least quarterly and preferably more often.
- Ensure you have Technical protections in place to protect you when your training and governance fail and employees click on a hacker's attack. Antivirus, spam filtering, removing Administrator rights on your Windows desktops, and deploying a Password Manager are all strong starting activities for companies with low cybersecurity maturity. As you mature, you will need to add further technical solutions to improve your protections.