The SQL Slammer Virus, also known as the Sapphire Virus, is malware in the form of a worm that caused a Denial of Service on many internet hosts in 2003, and caused thousands of network outages and even dramatically slow down Internet traffic! The worm spread rapidly, infecting the majority of its 75,000 victims within ten minutes. This worm exploited a vulnerability in the software security of a SQL Server in Microsoft.
Related Term: ILOVEYOU Virus
Source: NC State Study
AS AN SMB OWNER, WHAT DOES THIS MEAN FOR ME?
The SQL Slammer worm costs companies an estimated $750 Million to over $1 Billion in damages. In this case the risks were easily avoided if these companies had patched their systems. Therefore, as a business owner, make sure your company’s cybersecurity program includes the following protections:
- Patch your systems for critical vulnerabilities. This worm incident was only able to compromise computers that hadn’t been patched in over 6 months!
- You Train your employees have a robust awareness program in place to train on how to spot and avoid email based phishing attacks, social engineering, and many other modern hacker attack methods.
- Govern your employees with policies on Information Handling, Acceptable Use of Computers, and Passwords at a minimum.
- Have a Risk Assessment performed on your company to understand the potential threats and vulnerabilities you face and then once you decide on a budget, create a remediation plan to begin reducing your risks to an acceptable level.
- Test your employees with Phishing attacks at least quarterly and preferably more often.
- Ensure you have Technical protections in place to protect you when your training and governance fails you and employees click on a hacker attack. Antivirus, SPAM filtering, removing Administrator rights to your windows desktops, and deploying a Password Manager are all strong starting activities for low cybersecurity maturity companies. As you mature you will need to add additional technical solutions to improve your protections.