The WannaCry and Petya attacks caused disruption on a colossal scale, effecting businesses around the world. In theory, the cost of damage in trade and reputation should have sounded alarm bells and jolted businesses into tightening their security systems to mitigate against such attacks in the future. But has it done this in practice?
Tripwire, a provider of security and compliance solutions for enterprises and industrial organisations, conducted a survey at the Black Hat USA 2017 event, to find out how confident security professionals were that organisations had made appropriate security improvements since the WannaCry and Petya attacks.
Unfortunately, more than two thirds (68%) of respondents did not feel confident that enterprises overall have made the necessary improvements to better protect against cyber attacks, in spite of this year’s major global attacks. This lack of confidence could be down to a lack of action from organisations implementing practicing critical security controls.
It was found that nearly a third (28%) of security experts felt the biggest issue for a business is not knowing what devices are on the network. This was followed by concerns on how organisations manage vulnerabilities (14%), manage administrative privileges (6%) and pay attention to audit logs (6%).
Still, the majority (40%) believed there was not one root problem and that organisations were failing at all the above.
Tim Erlin, vice president at Tripwire said, “No matter how big or small your organisation is, you have to have a serious attitude towards security. If you were lucky enough not to have been affected by WannaCry or Petya take it as a sign. Remember, you don’t have nine lives. All it takes is one data breach or another WannaCry and your company has lost data, money, credibility and most importantly, customer trust, which is one of the most difficult things to recover. On the plus side, the majority (84%) of security professionals said that their organisation is making appropriate investments in mitigating its cybersecurity risks. When you consider the severity of the average cost of a global cyber attack, it’s a welcome sign to see enterprises budgeting for cyber defences.”
