The worldwide proliferation of WannaCry ransomware exposed a lack of urgency regarding OS security updates. That can't be allowed to happen.
In May 2017, more than 200,000 Windows-based computers in 150 countries were affected by ransomware known generally as WannaCry. The story was the hot technology topic for about a week and then faded into the background after a security researcher figured out how to stop the malware from spreading. However, allowing the attack's memory to fade is the real danger here.
The unfortunate part of the story, in addition to the fact that the mechanism that allowed the ransomware to be so effective in the first place was developed by, and stolen from, the United States National Security Agency (NSA), was that Microsoft had issued a patch that fixed the security flaw months before.
In other words, if those impacted Windows users, regardless of whether they were running XP, 7, 8, or 10, had just taken a few minutes to patch their operating system, the WannaCry attack could have been a moot issue. The attack and all the consternation that came with it would have been stopped in its tracks by a minimally diligent user base.
The lesson: Whether you are a Fortune 100 company or an individual who only surfs the web for recipes, you must keep your devices and the operating systems that powers them, whatever they may be, up to date with security patches. This is not optional.
Security is a priority
For years, TechRepublic has been prodding, cajoling, and pleading with individual users and IT Pros alike to keep their operating systems up to date at all times. This nudging was often pointed toward Microsoft Windows since it is the predominant OS for business desktops. And while most didn't need the reminder, some TechRepublic readers pushed back on our pleas with the less-than-persuasive "I don't have time" excuse. The worldwide WannaCry attack bolsters our stock response: "Make the time."
The May 2017 WannaCry ransomware fiasco also points to another modern-day problem that many IT Pros may not have considered. The mechanism that WannaCry exploited, called EternalBlue, was developed by the NSA, presumably to be used for intelligence gathering. The code, which is essentially a cyber-weapon, was stolen and used for an "unauthorized" purpose.
In effect, all of the WannaCry victims were collateral damage in an ongoing battle for supremacy in a global cyberwar. Microsoft was able to get ahead of the situation this time with a patch, but that is little comfort if the fix is not applied in a timely manner.
Unfortunately, I doubt this will be the last time unintended casualties are inflicted by countries engaging in cyberwarfare. So as if you don't have enough to worry about, here is yet another security vector to keep in mind.
WannaCry is just the latest high-profile malware attack. Business enterprises, IT pros, executives, employees, individuals—everyone—must realize that their computer systems are under constant attack. That is just the reality of the world we live in. Proactively protecting yourself has to be standard operating procedure. Timely updates are not, and never have been, optional. In fact, they are a priority.
SEE: Cybersecurity spotlight: The ransomware battle (Tech Pro Research)
More connections, less security
In the next few years, millions upon millions of new devices are going to be added to the world's information network. This not only includes the typical new computers and smartphones, but IoT devices like sensors and appliances. All of these devices are going to be interconnected, with many tied to cloud services and still others running artificial intelligence algorithms.
While that might sound exciting to you, to security experts it just sounds like millions of new ways to exploit vulnerabilities. Every computer, network, smartphone, sensor, server, autonomous car, etc., that is not proactively kept up to date with security patches is an open door granting unauthorized access to your data and your systems.
If we are going to realize the promised benefits of an interconnected world, we collectively must make security a priority. This latest WannaCry security incident suggests we have yet to get the message.
Microsoft is spending a great deal of time and resources trying to keep ahead of security problems as they arise, but customers can't depend on that to save them. This is particularly true if governments around the world are actively using exploits for nefarious purposes.
When it comes to your data, it is a dangerous and uncertain world. Everyone and every device has a covenant with everyone and everything else connected to the network to keep their devices secure and up to date. It is your responsibility and your priority. Because if your devices are compromised, our devices are compromised. Don't be the weak link that brings us all down.
- WannaCry: The smart person's guide
- Gallery: 10 major organizations affected by the WannaCry ransomware attack
- Report: Mobile ransomware attacks 'soared' in 2017, up 250% in Q1
- Ransomware: The smart person's guide
- Why patching Windows XP forever won't stop the next WannaCrypt
- 5 ways to make sure users comply with patch releases
Are security updates the enterprise-wide priority they should be in your organization? Share your thoughts and opinions with your peers at TechRepublic in the discussion thread below.