Cyber attacks are increasingly making the headlines, with the latest victims being corporate enterprises and the medical sector. The latest WannaCry cyber security threat spread to Windows systems rapidly and operated as a ransomeware known as “WeCry”, “WannaCrypt”, “WeCrypt0r”, or “WannaCrypt0r”. Many applications are impacted due to prolonged delays to upgrade, improper security assessment or security expertise shortages. Regardless of the underlying reasons, ransomeware threats are real and should not be taken likely.
The “WeCry” virus attack easily identify system weaknesses, breakdown their defences and compromised targeted computers in no time, leaving organisations in panic and a significant trail of data breaches.
Microsoft released the fix in March 2017, but not all updates can be applied to a network of computer system without first investigating the risk this ill cause to your system. Sometimes when new updates or patch are applied, they end up breaking the system or cause unexpected problems for other applications which may be to the detriment of users and those responsible for system administration.
Within a fast paced world, this is not acceptable, as any lost opportunities due to system down time can be very costly and this was the case with WeCry ransomeware that wreaked havoc for many large enterprises across the globe. Was it due to deliberate negligence or were there other important factors that must be taken into consideration?
Given that hackers and malicious entities are constantly developing software tools and actively investigating techniques to effectively compromise computer security, there are no guarantees that there will be a final solution for security threats.
Windows XP support ended in April 2014 and there has been numerous operating systems versions released by Microsoft since then, including Windows 7, Windows 8 and more recently Windows 10.
Migrating systems to the Windows operating system version require a risk assessment and many organisations are comfortable with the concept of “if it ain’t broke, don’t fix it”. This is a negative concept and perhaps the main reason whyWannaCrypt was able to be so successful in the first place.
There is a general misnomer going about that the average time to discover security breach is approximately 99 days. For many organisations with infected systems, this is too late. How best can one protect against ransomeware such as WannaCry?