Three years after WannaCry, what have we learned?
Three years ago, the WannaCry ransomware worm wreaked havoc on hundreds of thousands of organizations worldwide, ranging from hospitals that had to pause urgent operations to multinational delivery services that were forced to halt the transportation of goods. In fact, experts claim business interruption costs from the notorious ransomware attack topped out at about $8 billion.
As cybersecurity practitioners, we all remember where we were when we first heard about WannaCry. We remember the knot in the pit of our stomach as the list of affected organizations grew exponentially by the minute. Three years later, the memories are still fresh in our minds – but have organizations applied any of the lessons learned to their overall security strategy? Let’s take a look.
The threat remains
In 2017, WannaCry compromised out-of-date, unpatched computers and servers, encrypting data on systems and shutting organizations down completely. Data from the time found that more than 95 percent of all infected machines ran unpatched versions of Windows 7. Fast forward to today, and for the numerous organizations that still have not patched old Windows systems, WannaCry remains a threat to some extent.
Patching has been notoriously overlooked by organizations. In fact, a ServiceNow and Ponemon Institute study found that 65 percent of businesses admitted it was difficult to prioritize patches above other initiatives. But with 57 percent of data breaches attributed to poor patch management, it’s time to make proactive patching an urgent, ongoing effort, especially as ransomware continues to rise as a common attack method.
Beyond patching: Cyber resiliency
Patching is recommended, but the action alone is not enough to stop malicious, sophisticated cybercriminals. The reality is, adversaries are already in organizations’ systems. They’re using advanced techniques to hide from defenders, exploiting vulnerabilities that have not been patched (as witnessed with WannaCry) and targeting those for which patches don’t yet exist.
It’s time to take a more proactive approach to security, or rather cyber resiliency. Cyber resiliency ensures organizations are able to perform mission-essential functions and operations, even when an adversary has penetrated defenses and compromised cyber assets.
Organizations should design resilient cybersecurity strategies that build on the assumption that bad actors are already in their networks, and they must actively take steps to protect the integrity of their mission-critical systems, including implementing solutions at the following three protection layers within their networks:
- Communications/network protection, which provides organizations with the necessary tools for real-time analysis and threat detection;
- Operating system/software protection, which grants organizations the ability to harden operating systems, authenticate all execution and actively protect the integrity of applications and data;
- Hardware-level protection, which validates the integrity of hardware and firmware while preventing modification of board initialization, system firmware and OS bootloader code.
These tools should include automated cyber event detection and response, data-at-rest and runtime protection, and mechanisms that prevent changes to or reverse engineering of applications and data. Increasing the resiliency of your critical systems will help you fight through an attack and raise the bar for would-be attackers.
Lessons learned, and not learned
Fortunately, there is a silver lining when looking back at WannaCry. Some lessons have been learned by organizations of all sizes and sectors. Many have upgraded older operating systems, aggressively patched their systems, better isolated unpatched systems behind firewalls, and implemented sound backup solutions to minimize the chance of ransomware causing major havoc on their networks.
However, “many” does not mean all organizations, as some still haven’t gotten the memo that a proactive, resilient approach to cybersecurity is needed now more than ever.
History repeats itself. The next big ransomware worm can come at any moment. Organizations need to be prepared to handle a ransomware attack and ensure their systems remain resilient amid the havoc.