UPDATED 00:43 EST / MAY 11 2018

INFRA

A day of cybersecurity infamy: the lessons of WannaCry one year on

In a day that will live in cybersecurity infamy, the WannaCry ransomware was first detected in the wild on this day in 2017. The attack would go on to cause an estimated $8 billion in damages and bring ransomware attacks to the forefront of media and government attention.

The attack, discovered within the network of the U.K. National Health Service, crippled hospital computers and put lives at risk as it spread across the globe in the months ahead. It was still spreading as recently as March, when Boeing Co. became its latest victim.

As more became known about WannaCry, it spawned its own scams and scandals, from hackers tricking people into installing fake patches to bogus Android apps to arguably the weirdest story of them all: the man attributed with “saving the world” from WannaCry subsequently being arrested for hacking himself.

Microsoft Corp. took the unprecedented move of issuing patches for older, unsupported versions of Windows, but perhaps the only winners from the attack were cybersecurity companies, who saw their shares surge as a result.

Security researchers have taken the opportunity of the anniversary to discuss the lessons learned. Rob Greer, chief product officer and senior vice president of ForeScout Technologies Inc., told SiliconANGLE that “the lesson from the WannaCry attack was simple: Keep your system patches up to date.”

But he noted that even one year later, many organizations still don’t regularly patch their systems. Some don’t have strict policies to keep their systems up to date, he said, and others can’t afford the operational impact of upgrading to the latest software. Moreover, many businesses use expensive operational technology devices that rely on custom software built on older versions of Windows.

“Unpatched systems are the Swiss cheese of cybersecurity,” Greer added. “And while a properly patched system may not be impervious to attack, proper IT hygiene can stop many bad actors dead in their tracks.”

In particular, he said, “Organizations must ensure they are consistently assessing their endpoint and patching posture, and may restrict network access based on that device posture and security policies. If the systems cannot be patched for operational reasons, the best means of protecting them is to place them in separate network segments.”

Dana Ragsdill, director of product management at Quest Software Inc., agreed, saying that the WannaCry ransomware attack displayed to the world the true cost of failing to keep systems and software up to date.

“Ransomware became the posterchild of cyberthreats, and although a year later the industry has seen a shift away from this type of attack, this is no room for complacency on security,” Ragsdill said. “Software vulnerabilities, such as the EternalBlue exploit or the Spectre and Meltdown flaws offered an open door to malicious actors, and with 20,000 new vulnerabilities discovered in 2017, the threat is impossible to ignore.”

Image: Maxpixel

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU