While stories continue to emerge about the massive number of institutions and major businesses affected worldwide by the WannaCry ransomware attack over the past few days, a few trends seem to be becoming evident.
Updating avoids attacks
It appears that most of the locations that have been successfully hit are ones where Microsoft updates have not been run on a current basis. It seems that the vulnerability the WannaCry attack exploits was identified and patched by Microsoft some weeks ago, and for any organization or user that has run the regular MS updates the vulnerability has been plugged.
It seems that those who have been affected do not run the updates as frequently, often due to concerns about the impact an update might have on legacy operations. In this case the consequences of that choice seem to have been significant, and running the updates in a timely manner would have avoided major heartache.
Early reports indicated that many of the interruptions had been outside of North America and had affected many public institutions such as hospitals and governments, and also auto manufacturers in Europe. It is hard to draw perfect answers without much more analysis than can be done in the short time since the attacks started, but many of these types of organizations will have lots of legacy systems, which may have been a reason not to run updates.
Older system patches
One report indicates that, due to the significant impact the original vulnerability could have, Microsoft even took the step of creating patches for software which it has long declared redundant (think MS XP, MS7 and many older server versions) so that users could apply the patch to these old unsupported systems. Of course, many users would not be aware that the patches are available or that their systems might have the problem.
Cost of ransom much less than the other impacts
Early reports say that the relatively low ransom indicates this attack is more about the disruption than making money from the ransom. The first level is $300, and some have paid this within a few hours to get access to their files again. Of course, many more have not, and perhaps did not realize they were attacked until later on.
The significant number and the broad range of organizations affected have really been a much more important outcome of the massive attack. Is it reasonable to conclude that the disruption was the real intent, not the ransom? Only more study and more time will help answer this question, and they might also point to who or what organization is behind it.
Patch your systems
There seems to be a growing consensus as a result of this attack that running update patches on your systems is an important first line of defense against these types of malware, especially when patches are created for older versions of software to help support legacy installations where older software has been embedded into hardware and equipment. Of course, to take advantage of this type of effort you first have to know what software is actually running at the heart of your legacy environments. If you don't know, you can't take action.
Every person and organization is part of cyber security
I get the feeling the same thing will happen when it comes to cyber security. So many cyber disasters are based on exploiting people’s lack of knowledge about elementary ideas like software updates or email attachments. Successful companies of the future may be those in which everyone in the organization has a basic level of cyber literacy.
These are fine approaches, but I can’t shake the impression that corporate culture must be part of the mix too. I recall how it was once okay for those of us in the media to ignore new technology (“why do I need that? I’m a writer!”), but now the industry treats tech literacy as a core part of a journalist’s job.
The above analysis comes from a Reuters report on the attack published through Fortune Tech. The thesis presented is cause for thought by every organization and every manager. If you have not trained and prepared your people to think about the impacts of such a cyber disruption, then perhaps now is a good time to do so. With the broad public coverage of this recent attack, the potential for better understanding and awareness is enhanced.