It’s no secret that the recent global ransomware attack, fittingly named WannaCry, has left businesses, government agencies, and healthcare organizations reeling. Infecting more than 300,000 computers, the attack caused organizations to scramble to secure their IT infrastructures. Not only did the attack expose many individual organizations’ shortcomings in their security programs, but it also exposed some major shortcomings on how many organizations approach cybersecurity and the attack provides some key insights to help us better prepare for future attacks.
During this event, we have heard the typical cybersecurity advice, such as being wary of email attachments and links, paying attention to security patches, and educating employees on suspicious language that is atypical, vague or out-of-place. And while those best practices are still important, the WannaCry attack exposed the biggest vulnerability in most organizations -- outdated technology.
Older versions of operating systems, and most software in general, often do not receive continuing support in the form of the latest patches and security measures. It is these unsupported, outdated technology solutions that often prove to be the most vulnerable—and often ignored—elements of the IT infrastructure. It could be the printer server sitting in the corner and running a 90s-era operating systems, a perfectly functioning piece of equipment from a long gone manufacturer, or a forgotten bit of hardware sitting in a wiring closet somewhere. Indeed, that’s precisely how the infiltration occurred for many WannaCry victims.
One of the most effective practices against ransomware, and all cyber threats, is deploying newer technologies that are designed or have been updated to prevent the types of attacks we saw with WannaCry. It’s actually similar to buying a new car. Older software was not designed for the threats of today, just like cars of the 1970s didn’t have nearly as many safety features as today’s automobiles. Most modern day cars are designed with updated safety features conceived in their initial design stage—not just airbags but lane departure warnings, backup cameras and even alarms that go off when they sense you’re getting drowsy behind the wheel—much like today’s latest software and operating system advancements.
This attack has reminded us how vulnerable digital organizations around the world can be when it comes to cybersecurity, and as cyber threats continue to grow, it will become even more critical to have secure systems in place. A responsible owner doesn’t just budget to buy a car, she maintains it to keep it safe and when safety parts are no longer on the market, moves on to the new model. Technology that protects our most critical data merits a similar investment.