IT Security is hard. It’s time-consuming and costly, and after all of that, it’s hard to know how protected your organization truly is.
After another rough week in the industry, I wanted to reflect on the state of events and the landscape in general.
Some details from the incident:
- WannaCry (also known as WannaCrypt or WCry) was widely deployed and destructive. And yet, experts don’t regard it as well-developed malware. That’s scary.
- The attack was actually stopped by a 22-year-old British researcher who, while trying to analyze the malware, accidentally ended its communication channel.
- The originally reported distribution method, phishing, was incorrect. Most people in the industry spent a lot of time looking to protect the wrong exposure.
As we analyzed our response and our defenses, we found them more impressive than we initially suspected:
- Our managed services clients had a level of protection in place with our desktop antivirus software on each workstation.
- 85% of our clients utilize a next generation firewall with protection for these vulnerabilities. We put these measures in place in March, when Microsoft released them.
- Our Guru Sentry security services protected clients from command and control domains of this malware immediately after their release.
- We’ve continued to push clients to minimize and eliminate their usage of Windows XP. It remained vulnerable for a short time after the attacks.
- If clients had suffered an attack, our Guru Hero backup services would have been available for quick restoration.
All in all, our defenses were extremely strong and that’s great, but future attacks will be stronger and more damaging. So we have more work to do with clients to understand these risks. In addition, we are focusing our efforts on speeding up communication during these events without sounding the alarm every day.
From an organizational perspective, I hope each business takes a serious look at its configurations, products, and services to ensure that its data is secure, including:
- Security products and services, at the endpoint and network level
- Training and awareness of employees
- Backup technologies, specifically offsite and historical capabilities
- Incident response planning and documentation
This is the world we live in, and the costs involved with protecting your company assets are now simply part of doing business. Until we have substantial breakthroughs in core platforms and services, everyone needs to elevate their game.
Thanks for reading.