Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Taking Measure

Just a Standard Blog

Things That Make Me Wannacry

By: Pat Toth
Man at WannaCry computer
Credit: ©Zephyr_p/

I’m a bit emotional these days. My youngest—my baby—just graduated from high school. It’s the end of an era for our family: The years of homework, packing lunches, attending sporting events, and endless nagging to study for exams are finally over. It’s a bittersweet time as a mom. If I think about it too much, I get a little teary-eyed. I’m so proud of my son—he got into his dream school with a full scholarship!—yet I worry if we’ve taught him everything he needs to know. I’ve been waking up at night, thinking of things I still need to tell him. He assures me, with an eye roll that only a teenager can do, that he knows everything. I just hope we’ve done enough to prepare him.

Kids these days, at least to their parents, seem to have a natural relationship with technology and an intuitive grasp of how it works. At the same time, younger people are also more likely to take risks and act without thinking—things that I, being a “caution giver,” would never do.

So, I wonder if he always takes the time to think before he clicks on links or downloads files—even those that look like they come from me!

cybersecurity infographic
NIST MEP has developed an infographic that illustrates how a cybersecurity program provides advantages for small manufacturers. You can download a full-sized version of this infographic using the link below.
Credit: NIST MEP

As Cybersecurity Program Manager for the NIST Hollings Manufacturing Extension Partnership (MEP), it’s my job to worry about how small manufacturers can protect themselves from cyber threats. By now, you’ve probably heard about the WannaCry ransomware attack that recently spread across the world. WannaCry is a kind of computer virus called a Trojan horse. We call it that because, like the Trojan horse of Greek myth, it hides its malicious payload inside an otherwise innocent-looking package—a file or link from what looks like a trusted source. Designed to infect Windows XP computers, WannaCry will encrypt all the data stored on your computer. To decrypt your files and regain access, the virus requires that you pay $300 in Bitcoin to an anonymous account. If the ransom has not been paid after three days, then it increases to $600. If a week passes without payment, the virus deletes all your files and they cannot be recovered.

While ransomware is not new, this attack has been so widespread that many small-business owners, manufacturers among them, have likely lost some sleep wondering if they’ve done enough to protect their systems. Could a ransomware attack be the end of their business? The integration of physical production and digital technologies has forever transformed the factory floor, but small manufacturers have often failed to protect their investments in these new technologies with a comparable investment in cybersecurity.

It's vital that small business owners build a robust cybersecurity program will help protect their employees, customers, and businesses.

Small businesses often see cybersecurity as too difficult or too expensive. And it’s true: There is no easy, one-time solution for cybersecurity. But if viewed as part of your business strategy and regular processes, cybersecurity doesn’t have to be intimidating. While small manufacturers may be more constrained by budgets than larger companies, they need to understand that cybersecurity is not necessarily a huge expense. A basic level of cyber hygiene may be reached very affordably.

Following the five steps of the NIST Cybersecurity Framework can help small manufacturers understand their cyber risks, limit the impact of a cybersecurity event, enable timely discovery, respond properly to a cybersecurity event and get back to normal operations after an incident occurs.

It might be useful for small-business owners to approach cybersecurity like preparing a child to go off to college. Both require a great deal of planning, continuous monitoring, consistent effort and a few sleepless nights. Parents and business owners should remember that, while you can't predict the future, you can, and should do everything you can to protect yourself and those that depend on you, and give them the tools they need, as best you can, to forge ahead.


About the author

Pat Toth

Pat Toth is the Cybersecurity Program Manager at the NIST Hollings Manufacturing Extension Partnership (MEP). During her 26 years at NIST, Pat has worked on numerous documents and projects including SP 800-53, SP 800-53A, SP 800-171, SP 800-16 rev 1, and NISTIR 7621. Before she came to NIST, she served as a Cryptologic Officer in the U.S. Navy.

Related posts


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.