CIO

Is it too late to stop the next ransomware attack?

By Kasper Lindgaard, Director of Research and Security, Secunia Research at Flexera

Ransomware attacks are increasingly turning into a game of whack-a-mole: Bad Rabbit is rapidly spreading around Europe while the world is still recovering from WannaCry, NotPetya and more. While vulnerabilities are increasing, users are not patching quickly enough.

According to Flexera’s Q1 Personal Inspector Country Report, one in ten Australian PC users has an unpatched operating system and companies take over half a year (186 days) to install available patches on average.  Delayed preventative security action leaves open a huge window of risk for hackers ready to climb in.

Most known vulnerabilities have patches available on the date of their disclosure, which can prevent attacks. According to Flexera’s annual Vulnerability Review published earlier this year, 17,147 vulnerabilities were recorded in 2016 in 2,136 products from 246 vendors. Eighty percent of vulnerabilities in all products had patches available on the day of disclosure in 2016. Patches are widely available; users’ lax approach means they simply aren’t being applied quickly enough.

The Microsoft patch that could have prevented harm from the WannaCry attack was available for months before the initial attack, and the same vulnerability was exploited by the Petya attack less than two months later. In a sea of news, interpretations and all the fear, uncertainty and doubt spread around the WannaCry attack, it’s evident patching is the most effective way to prevent the exploitation of known software vulnerabilities.

These recent vulnerabilities provide a good opportunity for IT leaders to reconsider how they can implement effective measures to ensure their organisation is not the next victim of a similar attack. Staying on the front foot and managing vulnerabilities with available patches means they can minimise the risk of any future attacks, protecting sensitive data and avoiding unnecessarily wasted resources.

Bridging Software Vulnerability Gaps

Ransomware attacks highlight how neglecting security patches can have a catastrophic impact on businesses. WannaCry reports showed attacks targeting 100 countries and confirmed disruption for the National Health Service (NHS) in the UK, telecom giant Telefonica in Spain and FedEx in the United States of America. While Australia escaped WannaCry mostly unscathed, we were hit hard by the more recent Petya attack, which affected major businesses, including Cadbury and global law firm DLA Piper.

Security professionals have a great opportunity to bring together their business leaders to gather commitment and start conversations about how to raise awareness and close gaps between IT Security and IT Operations through SecOps initiatives. Such initiatives should strengthen the security profile of organisations and effectively reduce the risk associated with attacks targeting known software vulnerabilities.

Companies must build efficiencies and bridge the SecOps gap, a prime example of organisational misalignment and a dysfunctional supply chain, to enable an effective remediation process to patch the right things fast.  This approach will allow organisations to:

  • Introduce formal Vulnerability Management processes into the company
  • Patch and remediate as part of a complete Vulnerability Management process
  • Develop Vulnerability Management processes and implement technologies to support those processes
  • Close the patch assessment and remediation gaps to deliver accurate patch assessment and remediation to support the entire lifecycle of managing software vulnerabilities

Companies can easily address important gaps in traditional vulnerability management tools, including the assessment and remediation of vulnerabilities on software and systems running on clients and servers.  These gaps put organisations at risk of security breaches that can lead to loss of confidential data and hacker control of internal systems. 

Closing these gaps via more frequent patch assessment and packaged security patches for remediation is critical to mitigating the security risk posed by vulnerabilities such as the next WannaCry, variations of which are likely to continue with equal fervour. Now more than ever, IT security professionals need to work together with IT operations to drive leadership decisions that build organisational emphasis on preventative patching security to protect against future attacks.