As ransomware emerges as one of the principal cyber threats for governments and companies around the world, WannaCry variants exploiting the same Windows vulnerability have already been reported. Sophisticated attackers will seek to exploit other vulnerabilities, too. Fake WannaCry decryption tools are also emerging, so a rash of targeted phishing schemes that exploit the panic surrounding the latest attack may follow in short order.
How to Respond
While firms are allocating increasingly large portions of their IT budget to advanced cybersecurity capabilities, throwing more sophisticated tools at these attacks is not the best way to stop them.
The WannaCry crisis and predictions about future threats suggest that CIOs and senior information security managers should center cybersecurity strategies on the more mundane tactics of controls hygiene and employee awareness, not just advanced cybersecurity tools.
Prioritize controls hygiene over advanced tools and capabilities: More than 90% of successful attacks exploit vulnerabilities over a year old. And while Microsoft released a security patch two months ago for the vulnerabilities that WannaCry exploits, attackers could still exploit the vulnerability in hundreds of thousands of systems.
While the fix seems obvious, CIOs and security professionals should develop incentives (including in employees’ performance ratings) to encourage other teams in IT and in the wider company to take the right action and hold them accountable for their hygiene responsibilities.
Concentrate resources on employee awareness and behavioral change: Successful high-profile attacks unleash a wave of copycat attacks exploiting the same and related vulnerabilities. One out of every two breaches can be traced back to insecure employee behavior, so cybersecurity strategies should focus on creating a company culture that values secure behavior.
This means defining and identifying behaviors that underpin a “security mindset,” and instead of viewing employees as risks that must be mitigated, using their intimate knowledge of their workflows and other processes to enlist them in detecting incidents.
Most importantly, the most forward-thinking firms don’t face their cybersecurity challenges alone; they rely on the collective wisdom of their peers to share information on the threat and to respond rapidly to new and ongoing challenges.