Interviews

Accountability gap between IT and board

by Mark Rowe

The WannaCry ransomware attack was, at the time, one of the most devastating and widespread cybersecurity incidents recorded, writes Matt Ellard, EMEA Managing Director at cyber security company Tanium.

By exploiting a known vulnerability in Microsoft Windows, attackers were able to compromise public and private-sector organisations around the world with apparent ease, despite a patch being available for two months. In the UK, 34pc of NHS trusts were affected, as well as more than 600 primary care organisations. Total losses resulting from the attack were placed at anywhere between hundreds of millions and a staggering $4 billion.

With such enormous impact felt around the globe, you would assume that WannaCry would have been a wake-up call for organisations to get their cyber-security in order. But shockingly, many organisations are still struggling to act on the lessons learned. In fact, new research has found that 40pc of frontline IT workers throughout the UK believe their organisation is more exposed today than it was over a year ago, when WannaCry hit.

In the immediate aftermath of WannaCry, the majority of respondents (63pc) said their organisation responded quickly by reviewing existing security systems and 40pc said they redefined their process for reacting to security incidents. While these positive first steps demonstrate a realisation of the dangers of ransomware, it seems this reactive behaviour did not give way to long-term change.

For many, the need to innovate quickly is causing them to compromise on their security practices. In fact, one in five stated that their cyber practices haven’t changed as other IT initiatives had to take priority, with almost 70pc claiming not to have improved their patch management processes since WannaCry. Ensuring software is kept up to date with the latest patches is one of the most widely accepted ways of keeping a company network secure from vulnerabilities and cyber threats.

As the damage from WannaCry receded, many organisations struggled to sustain the initial executive interest in improving cyber security. For many, the increasingly connected nature of their operations, combined with a lack of oversight of what they actually operate, might have impacted their ability to implement new patch management policies. In other cases, as the survey revealed, the challenge could be a gap between what IT workers on the frontline are seeing and what their leadership team believe is happening.

As the World Economic Forum (WEF) notes, “what would once have been considered large-scale cyberattacks are now becoming normal.” Forty percent of survey respondents said their organisation was affected by ransomware attacks, including WannaCry and NotPetya.

To protect the network, company, and customer data against future threats of this nature, IT operations and cybersecurity teams need to bridge the accountability gap. They should work together to embed strong security fundamentals across their network. That means having true, real-time visibility into what is happening across their organisation, including where and how they store customer data.

A major security incident on the scale of WannaCry is one of the few events that can irrevocably destabilise a business. Waiting for it to happen before enacting meaningful change would be devastating, and companies must bring their security processes up to date.

Delivering innovative services to meet customer expectations means little without the resilience to support them. And organisational complexity or a siloed infrastructure is no excuse. Crucial to combatting any type of threat – whether a sophisticated attack or, more likely, one that exploits an out-of-date piece of software – is clear oversight of all of the endpoints across the network and the ability to stop the threats targeting them almost instantly. This relies on the right technology and close collaboration between IT operations and security teams to protect the network, company, and customer data.
