Matt Ellard, EMEA Managing Director at Tanium
The WannaCry ransomware attack was, at the time, one of the most devastating and widespread cybersecurity incidents recorded. By exploiting a known vulnerability in Microsoft Windows, attackers were able to compromise public and private-sector organisations around the world with apparent ease, despite a patch being available for two months. In the UK, 34% of NHS trusts were affected, as well as more than 600 primary care organisations. Estimates of the total losses resulting from the attack range from hundreds of millions to a staggering $4 billion.
With such enormous impact felt around the globe, you would assume that WannaCry would have been a wake-up call for financial services organisations to get their cybersecurity in order. But shockingly, many organisations are still struggling to act on the lessons learned. In fact, new research has found that 27% of frontline IT workers in banking and finance in the UK believe their organisation is more exposed today than it was a year ago, when WannaCry hit.
Companies Struggling to Take Action
In the immediate aftermath of WannaCry, the majority of respondents (66%) said their organisation responded quickly by reviewing existing security systems, and a quarter (25%) said they redefined their process for reacting to security incidents. While these positive first steps demonstrate a realisation of the dangers of ransomware, it seems this reactive behaviour did not give way to long-term change.
For many, the need to innovate quickly is causing them to compromise on their security practices. In fact, one in five stated that their cyber practices haven't changed as other IT initiatives had to take priority, with only a quarter (26%) having improved their patch management processes since WannaCry, despite this being a key factor behind the spread of the attack. Ensuring software is kept up-to-date with the latest patches is one of the most widely accepted ways of keeping a company network secure from vulnerabilities and cyber threats.
As the damage from WannaCry receded, many organisations struggled to sustain the initial executive interest in improving cybersecurity. For many, the increasingly connected nature of their operations, combined with a lack of oversight of what they actually operate, might have impacted their ability to implement new patch management policies. In other cases, as the survey revealed, the challenge could be a gap between what IT workers on the frontline are seeing and what their leadership team believe is happening. Meanwhile, 25% in the sector say they still struggle to get the urgent funding they need for urgent cyber security projects.
Significant gaps between IT teams and the board
As the World Economic Forum notes, "what would once have been considered large-scale cyberattacks are now becoming normal." Forty percent of survey respondents said their organisation was affected by ransomware attacks, including WannaCry and NotPetya.
To protect against future threats of this nature, IT operations and cybersecurity teams at financial services organisations need to bridge the accountability gap to protect the network, company, and customer data from future threats. They should work together to embed strong security fundamentals across their network. That means having true, real-time visibility into what is happening across their organisation, including where and how they store customer data.
A major security incident on the scale of WannaCry is one of the few events that can irrevocably destabilise a business. Waiting for it to happen before enacting meaningful change would be devastating, and companies must bring their security processes up to date.
Delivering innovative services to meet customer expectations means little without the resilience to support it. And organisational complexity or a siloed infrastructure is no excuse. Crucial to combatting any type of threat – whether a sophisticated attack or, more likely, one that exploits an out-of-date piece of software – is a clear oversight of all of the endpoints across the network and the ability to stop the threats targeting them almost instantly. This relies on the right technology and close collaboration between IT operations and security teams to protect the network, company, and customer data.