By: abacode On: May 26, 2017 In: Breaches Comments: 0

Over 150 countries are still recovering from the WannaCry ransomware attack on May 12th, which affected over 300,000 computers worldwide (Graham). As individuals, companies, and entire nations try to comprehend and recover from one of the largest cyberattacks in history, at least one thing is clear: cybersecurity is more important than ever. Businesses can no longer afford to limit their definition of cybersecurity to only meaning crisis management. In addition to keeping up with the latest in cybertechnology, the WannaCry attack proves the need for taking a new approach to preventive cybersecurity measures.

The WannaCry attack that targeted the Microsoft Windows operating system might have been avoided had a cybersecurity monitoring team detected the weakness in Microsoft’s design earlier on. Instead, the vulnerability went unnoticed by Microsoft until March, which gave the NSA, its alleged discoverer, the opportunity to create its Eternal Blue exploit, which in turn was exploited by other hackers to then propagate their own WannaCry ransomware (Graham).

Although Microsoft took measures back in March to patch the Windows vulnerability, the computer system update that included the patch mostly benefitted personal computers that use automatic updating. Unfortunately, this means that many of the systems that require manual updating, which make up a large portion of corporate networks (Sherr), were never updated by their users. These organizations were consequently still vulnerable when the WannaCry attack occurred two months later.

In an age where nearly everyone’s financial, medical, academic, social, and professional lives depend on technology, the protection of such data is paramount. However, unless corporate board rooms begin to recognize the need for their internal IT leadership and/or outsourced IT providers to partner with firms who are cyber experts, cybersecurity will be viewed as point solutions and a fragmented approach which is ineffective.  Organizations will need to actively address cybersecurity by separating cyber services from all other IT services, similar to the way you separate tax and audit work, financially.  This is the proper way to address cybersecurity from a business stand-point first and technical second to prevent another WannaCry scenario .

Thankfully, cybersecurity firms such as Abacode are providing strategic and holistic cybersecurity services in order to help companies strengthen their technical and human lines of defense. In addition to identifying internal and external vulnerabilities through their 24/7 SIEM / SOC monitoring & remediation service, Abacode also trains clients on the latest cyber threats. As the WannaCry ransomware attack has proven, it will take a top-down approach and informed leadership in order to win the war against cyberattacks.

 

Works Cited

Graham, Chris. “NHS Cyber Attack: Everything You Need to Know about ‘Biggest

Ransomware’ Offensive in History.” Telegraph, 20 May 2017,

http://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-

biggest-ransomware-offensive/.

Sherr, Ian. “WannaCry Ransomware: Everything You Need to Know.” CNET, 19 May 2017,

https://www.cnet.com/news/wannacry-wannacrypt-uiwix-ransomware-everything-you-

need-to-know/.

Trackback URL: https://abacode.com/responding-to-wannacry/trackback/