Security practice is shifting from prevention to detection. WannaCry proves that detection can be straightforward. Prevention, however, would have saved millions of dollars in downtime, restoration efforts and damaged reputation. Therefore, before the next WannaCry campaign occurs, take action based on your lessons learnt, review your procedures, and rethink a balanced approach between prevention and detection.
The WannaCry campaign was widespread and significant, but it was not the first ransomware incident and it will certainly not be the last. In 2008, the Conficker malware showed the same self-propagating capabilities, taking advantage of a Windows SMB vulnerability. More than 3 million computers in 190 countries were infected, according to estimates.
So what did we learn from 2008? Not much, considering the turmoil that WannaCry has just caused.
Instead of focusing on this WannaCry campaign and other single events, let us instead take a look at the bigger picture.
The root cause of the WannaCry proliferation was a vulnerability (CVE-2017-0145), for which Microsoft had issued the MS17-010 patch in March 2017. The vulnerability was rated as critical and readily exploitable. Two months later, many organizations had still not applied the patch. With a strong Patch Management procedure in place, these organizations would have identified such a critical patch and prioritized its implementation wherever possible and in good time. Compensating controls could have been applied to systems where patching was not possible.
Since the first WannaCry security incidents started making headlines, organizations have struggled to identify vulnerable systems in their networks and make rapid decisions for remediation. Could this have been done faster, more efficiently and better? Having strong Asset & Configuration Management procedures will significantly help you make the right decisions under pressure.
Security controls can fail, and holes in the network will eventually allow malware to find its way into a corporate network. Should a Security Incident strike, organizations need to have well-documented Security Incident Management & Response procedures. In an emergency, organizations must have the capacity to identify, contain and eradicate the threats, and to restore affected systems and business operations.