6 Lessons Every Company Should Learn from the WannaCry Ransomware

WannaCry’s ransomware attack is mostly over – here are the lessons businesses must learn from the experience.

WannaCry

WannaCry was a particularly nasty bit of ransomware that infected Windows systems via network connections and encrypted important files to hold them as a ransom for bitcoins. The first wave of WannaCry is over, and we can learn a lot of important lessons from its rise and fall.

1. Operating Systems Change for a Reason

This is probably the number one lesson from WannaCry: The disappointing thing is that is a very familiar lesson that every security experts know well. You have to keep updating your operating system, not just to keep up with the times, but also to protect your business data.

This advice is so common that the real problem is probably something more insidious: Business leaders refuse to take responsibility for the platforms and operating systems they are using. WannaCry is the consequence for that leadership failure, and the sooner organizations recognize that, the better they will be able to plan for the future. Windows XP was particularly vulnerable to WannaCry – that’s an operating system that’s 1)12 years old, 2)surpassed by 4 newer versions of the operating systems with far more advanced tools and integration, and 3)an OS that hasn’t had any support at all from Microsoft (outside of this emergency patch) for nearly three years.

The very common excuse that business makes here is that, “We can’t update because of this regulation, or that compliance issue, or the need to maintain services to our customers.” First, these are incredibly weak excuses. A full upgrade will always take time, resources, and careful planning to meet necessary regulations. That’s part of the process, not an excuse to avoid it. Second, many organizations don’t even realize these are poor excuses because they haven’t actually asked experts. The first thing an organization should do if they are worried about upgrading an older operating system is to bring in an IT expert that has experience in these types of upgrades and ask for a consultation, advice, and ultimately a game plan for the best possible outcome.

2. Patches Don’t Just Get in the Way – They Protect Against Threats

Close behind the lesson about upgrading to new versions of your operating system is the importance of patching. Let’s divided this into two steps. First, your company must be aware of available patches, as they come out, and what they do. This is really easy, even if you aren’t in IT. New patches are heralded by blogs, emails, tweets and many other sources of information explaining what they are and what they accomplish.

Second, give top priority to any patches that are designed to fix vulnerabilities and increase security. Require all employees to download that patch on all machines, that day. Period. You don’t even have to turn on automatic updates, just make sure those patches are downloaded. WannaCry was patched back in March, but guess what? A lot of organizations have no patch plan or requirements, so it didn’t matter.

3. Lack of Awareness is a Vulnerability

Combine both our first lessons, and you get a reminder worth noting – companies cannot claim ignorance here. We have to be aware of the current security dangers, and how to deal with them. That means paying attention to what IT says, understanding how the business systems work, and knowing when a new malware or virus attack hits. These days, no manager can say, “Well, it’s not my problem.” It is.

4. A Single Good Practice Can’t Protect You From All Malware

In the past, most ransomware like WannaCry was spread primarily through phishing emails, and strong anti-phishing strategy was very effective at dealing with the threat. But guess what? Things changes. Cyberattacks regularly evolve and find different, more insidious ways to locate new victims. You cannot count on a single strategy to prevent any particular threat.

5. Network Segmentation May Be Growing More Important

Network segmentation refers to devices that avoid connecting to the business network or connect only briefly in closely monitored situations to avoid data vulnerabilities and malware. Especially after WannaCry, this is looking like a good strategy for companies that handle a lot of sensitive information.

6. The Consequences Will Always Be Worse Than Necessary Preparation

Some of the organizations affected by WannaCry include the UK National Health Service, the South Korean and Chinese governments, and organizations in more than 150 countries. Emergency health services were canceled, governments were unable to offer services, factories were suddenly shut down, and much more. This led to tremendous losses, and will probably lead yet again to a whole lot of fines, firings, and the loss of contracts. It doesn’t matter how demanding security changes are, they are always easier than dealing with the aftermath of a bad attack.

For more information on how to prevent the latest malware attacks in {city}, contact {company} and let us know about your goals! You can call us at {phone} or send us a message at {email}.

Share this post

Invotec Solutions IconInvotec Solutions

Unit 9/148 Chesterville Road, Cheltenham

5.0 7 reviews

  • Avatar Matt Wilde ★★★★★ 3 months ago
    Working with an education solutions expert such as Invotec has meant that we have had a collaborative partner every step of the way in the development of, not only our ICT network infrastructure, but also in determining how best to engage … More students, deliver content, and drive learning outcomes.
  • Avatar Daniel McNairn ★★★★★ 11 months ago
    Invotec Solutions is a great company. Working in the education field they have been great support when we have had technical issues that have needed high level solutions. I know they have worked throughout the Catholic Education system … More and have always delivered a high level of service and support. Very easy to deal with and friendly support.
  • Avatar Marcia Reynolds ★★★★★ 10 months ago
    Invotec were fantastic! Being a small business owner and IT illiterate, Invotec helped me to get up and operating without an issue.
    I now feel secure knowing that they are there to back me up.
  • Avatar Aaron Hawke ★★★★★ a year ago
    I had the pleasure of working with the Invotec Solutions Team for our Cyber Security requirements. They really know their stuff and my expectations were well exceeded. Thanks Guys, You made it easy!
  • Avatar Korin Roehm ★★★★★ 2 years ago
    Invotec has been a great partner to our company. They're very quick and responsive. If you talk to anyone there you know that they're very knowledgeable in the work that they do.
  • Avatar Jan Chapman ★★★★★ 4 years ago
    Invotec really know their stuff, a great company that want to provide the best service possible. I highly recommend them.

Get a Quote