The 3 Biggest Lessons to be Learned from WannaCrypt
Last week’s “WannaCrypt” ransomware attack not only exploited serious vulnerabilities and caused catastrophe for big name businesses around the globe, but it also highlighted some important lessons in IT environment security that a lot of organizations learn the hard way.
The level of disaster that attacks like these can cause for businesses is unfortunate for so many reasons, but what makes it hurt most is how very preventable some of the damage is. Which is why the following cannot be overstated:
Patch Your Environment
Patching your environment is the first defense in a scenario like WannaCrypt. Yes, patching can be complicated, nerve-racking, and a political nightmare in some organizations. But as we’re seeing now, the alternative is far worse.
However, what may currently be a sore subject in your organization could be eased by a good patching process, especially when this process is automated, which fortunately is the direction most modern, secure organizations are going. For instance, you can implement an automated patching solution comprised of automation scripts that ride on top of SCCM as a patch automation framework for several facets of your patching cycle, which leverages your existing infrastructure investments, and is completely extensible. Simple, secure and nerve-easing, all in one.
Pay Close Attention to Microsoft’s Security Recommendations
Naturally, Microsoft was quick to respond to this latest attack and has plenty of reactive advice to share, but businesses that pay close attention and act on patches and recommendations released by Microsoft on an ongoing basis are the ones that are not making headlines for all the wrong reasons in light of the current cybersecurity attack. Proactivity is key for a secure environment.
As Brad Smith, President and Chief Legal Officer at Microsoft, states in his recent article on lessons that can be learned from the recent attack, Microsoft employs 3,500 security engineers dedicated to addressing such threats. They’re clearly dedicated to helping businesses mitigate these risks, so it is on the businesses then to do their part and take security as seriously as it is.
The unfortunate headline-making, heavily impacted businesses are likely evaluating how they could have prevented WannaCrypt from doing its damage, and they’re sadly facing the fact that the patch for this attack was originally released in March as MS17-010. Ouch. Microsoft knew of the vulnerability and released this patch well in advance to the exploit, and the right attention to this coupled with the right patching process could have saved the day for so many businesses now paying a big price.
Prevent Future Problems with Windows 10 Security Features
Another clear indication that Microsoft takes security very seriously is seen in all the enhancements to Windows 10, and organizations delaying their understanding of these features are putting themselves at great risk.
With Windows 10 just around the corner and as the days of the Kaby Lake chips draws nearer, it is evident that implementing the latest version of Windows will be non-negotiable for organizations in the very near future. As a progressive business, this makes sense as it means better security features, modern applications, native MDM protocol integration, and an updated user experience for consumers. As for most us with legacy applications that barely (if at all) support IE 10, dwindling headcount for management of the infrastructure, and a user base that has trouble adapting to technological changes, this feels like impending doom. Don’t worry, there’s hope.
As we continue to be translators from business to technology and vice versa, there are a lot of benefits to be realized out of the latest creation from Microsoft. Starting with security, Microsoft has made significant improvements to the security layers (plural) to the operating system. Having multiple layers is one of the best ways to prevent potential attacks. Microsoft’s improvements include the ability to run only approved/signed software in your organization, native virtualization technology for protecting credential hashes, behavior based advanced attack detection, and a new set of sign-in tools to ensure the user experience is top-notch while keeping security top of mind.
Patch, Pay Attention, Prevent
The lessons of WannaCrypt and other cybersecurity attacks continue to emphasize the importance of having a solid patching process and strategy to stay up with the latest patches and most secure versions of technology like Windows 10.
If you’re interested in learning more about how Windows 10 drives business value through security (as well as modern workforce management, App-V and more!), join our webinar on June 6, 2017 at 10:00 AM central time (CLICK TO REGISTER). Or, don’t hesitate to contact us directly to chat more.
About the author
Managing Partner – Model Technology Solutions
With over 15 years of Systems Management experience, Jason’s focus on people, process, and delivery has shaped Model into the consulting practice that it has become today. His approach to creating a consulting organization focused on creating IT efficiencies has led to strategic partnerships with Model’s clients. He believes in strong community support and that knowledge sharing is a critical factor to success.