Rob Greer, chief product officer and senior vice president of network security firm ForeScout, said that despite the estimated $8 billion in damages globally resulting from the WannaCry attack, many businesses are still not taking the most basic steps to secure their data.
“This massive attack targeted hundreds of thousands of users in close to 150 countries, locking up computers from car factories and hospitals to retail shops and schools. The lesson from the WannaCry attack was simple – keep your system patches up to date,” said Mr Greer.
“However, even one year later, many organisations still don’t regularly patch their systems or even know where their endpoints and devices are.”
He suggested that some businesses lack policies on when their systems are updated and who is responsible for doing so, while others are concerned about operational impacts of software updates.
“Many businesses use expensive operational technology devices that rely on custom software built on older versions of the Windows operating system,” Mr Greer said.
Nevertheless, Mr Greer cautioned against ignoring important security patches, likening unpatched systems to “Swiss cheese”.
“While a properly patched system may not be impervious to attack, proper IT hygiene can stop many bad actors dead in their tracks,” he said.
“If the systems cannot be patched for operational reasons, the best means of protecting them is to place them in separate network segments.”
According to the Telstra Security Report, around half of the businesses that have fallen victim to ransomware have coughed up the ransom in the hope of retrieving their data, despite there being no guarantee that paying up will deliver the desired outcome.
Yet the financial cost is only one aspect, given the additional compliance burden of mandatory reporting of data breaches now that the Notifiable Data Breaches Scheme is in effect.