The Biggest Takeaway from the WannaCry Ransomware Attack

By Special Guest
Walker White, President, BDNA
May 30, 2017

This month’s ferocious ransomware attack, known as “WannaCry,” spread across the globe with astonishing speed and breadth, freezing more than 300,000 computers in an estimated 150 countries. Management teams at every corporate, government and not-for-profit organization should now be reviewing lessons learned from that experience.

The biggest takeaway from the WannaCry experience is this: effective cybersecurity is mostly about having good actionable data to tell you where your highest priority vulnerabilities are.

Here’s why: as with most large-scale cyberattacks, the WannaCry ransomware exploits vulnerabilities that are already known and understood. In this case, the vulnerability is called “EternalBlue,” which was released online in April by a hacker group called the Shadow Brokers.

The EternalBlue vulnerability, reportedly developed by the National Security Agency, exploits weaknesses that affect older versions of the Microsoft Windows operating system. Roughly 98 percent of computers affected by WannaCry run Windows 7, according to Kaspersky Labs. Most of the remaining computers affected were running Windows XP or were clients of Microsoft’s Windows Server 2008 R2 operating system, which is built on the same kernel used in Windows 7.

But even though the EternalBlue vulnerability was known, it was nevertheless successfully exploited with devastating results. In fact, the most frequently exploited cybersecurity vulnerabilities, known as Common Vulnerabilities and Exposures (CVEs), date back many years. (WannaCry is entry CVE-2017-0144 in the national CVE registry, which is maintained by The MITRE Corp).

These vulnerabilities continue to be successfully exploited by hackers and malware because end-of-life (EOL) and end-of-support (EOS) software and hardware continue to live on many organization’s networks without the knowledge of IT staff.

In many cases, organizations knowingly keep outdated software and hardware running because of fears that replacing them will disrupt legacy applications and systems. But in those cases, organizations often do not fully understand the larger cyber risks they open themselves up to.

This is where good actionable cyber risk intelligence is so critical.

Many organizations do not manage their EOL software. In fact, a recent BDNA survey found that 52 percent of responding organizations do not have a process for handling EOL software.

As we have seen with many recent cyberattacks, including the WannaCry ransomware attack, the consequences of this are too great to ignore. Software vulnerabilities in commercial products are the biggest source of data breaches in the enterprise. Not managing end-of-life of enterprise applications has major implications on enterprise security, compliance, and the ability to enforce critical processes.

The challenge in doing this is that technology vendors don’t always diligently publish the EOL dates for their software, leaving IT teams to their own devices.

The results are troubling. In one organization with more than 550,000 software installations, 56 percent of its software was found to be EOL, posing a very high security risk. More than 6,350 instances of the software installed had come to EOL more than 14 years before and included applications from Microsoft, SAP, IBM, Symantec and more.

This is where asset management tools that automatically provide visibility into the entire asset lifecycle, including EOL dates for application software, become extremely useful. Such tools go beyond providing visibility into IT networks because they are able to analyze the database and alert IT managers about what assets are EOL, nearing EOL, approved and unapproved and/or out of configuration. This increased awareness allows organizations to not only be proactive about their security needs, but also enables them to leverage their data more effectively.

To make smart decisions about cyber risk, an organization’s management team must know exactly what assets are present on its networks, what vulnerabilities those assets present, and what the severity of the risk is that is associated with those vulnerabilities.

A myriad of scanning tools exist, but they are incapable of providing organizations with a single, aggregated, actionable view of cybersecurity vulnerabilities. They are incapable of providing detailed information on what assets exist on the network, which are EOL today and which will be EOL in a month or a year, which are approved or unapproved under the organization’s security guidelines, and how severe those risks are. The result is a cybersecurity posture that is reactive and always playing catch-up — in other words, at high risk.

Companies need comprehensive, actionable data to transition their cybersecurity postures from reactive to proactive.

In the wake of the WannaCry attack, corporate management teams across the globe should be reviewing their cyber risk-management postures to determine whether they are proactive and built upon actionable data.

If not, there is no time to lose.

About the Author

Walker White is president of BDNA. Joining the company in 2002, he originally served as Chief Technology Officer before becoming president in 2014. Prior to BDNA, Walker had a 13-year career at Oracle, working as chief technologist in Oracle Service Industries. He holds a B.S. in computer engineering from the University of California, San Diego.




Edited by Alicia Young
SHARE THIS ARTICLE
Related Articles

Mist Applies AI to Improve Wi-Fi

By: Paula Bernier    11/9/2017

Mist has created an AI-driven wireless platform that puts the user and his or mobile device at the heart of the wireless network. Combining machine le…

Read More

International Tech Innovation Growing, Says Consumer Technology Association

By: Doug Mohney    11/8/2017

The Consumer Technology Association (CTA) is best known for the world's largest trade event, but the organization's reach is growing far beyond the CE…

Read More

Broadcom Makes Unsolicited $130B Bid for Qualcomm

By: Paula Bernier    11/6/2017

In what could result in the biggest tech deal in history, semiconductor company Broadcom has made an offer to buy Qualcomm for a whopping $130 billion…

Read More

How Google's 'Moonshot' Could Benefit Industrial Markets

By: Kayla Matthews    10/30/2017

The term "moonshot" encapsulates the spirit of technological achievement: an accomplishment so ambitious, so improbable, that it's equivalent to sendi…

Read More

After Cisco/Broadsoft, Who's Next for M&A?

By: Doug Mohney    10/27/2017

Cisco's trail of acquisition tears over the decades includes the Flip video camera, Cerent, Scientific Atlantic, Linksys, and a couple of others. The …

Read More