Report: The IT response to WannaCry

Enterprise automation company 1E recently released a report on the IT response to WannaCry. The report’s findings are largely as expected, provided you expect reports on IT behavior to reveal lax security habits.

We’ve learned a lot about WannaCry since its outbreak two months ago. The most important may be that Windows patched its attack vector in March, which reveals quite a bit about what’s in 1E’s report.

From the fact that 86% of respondents weren’t ready to 73% of management teams not making more cybersecurity resources available, the report underscores what many already know: Cybersecurity isn’t the priority it should be.

Unprepared and forced to play catch up

The outbreak of WannaCry sent IT teams scrambling, at least according to 1E’s report. As mentioned above, 86% of respondents had to take preventive measures to protect themselves against the malware despite the fact that Microsoft patched its target vulnerability in March.

Detection and patching of vulnerable systems took half of respondents up to a week, and a further quarter spent between a week and a month finding all their weak links. All of that work led to 47% of respondents putting in a weekend of overtime and 23% more putting in at least two weekends.

SEE: WannaCry: The smart person’s guide (TechRepublic)

1E points out an interesting correlation between the number of respondents forced to take preventive measures and those who delay releasing security patches: It’s the exact same 86% figure.

If you’re part of an IT team that waits to push Windows updates and patches, that should definitely raise a red flag. There are plenty of reasons why patches get delayed, but in our current environment of constant cybersecurity threats there’s no excuse for putting them off.

Where to place the cybersecurity blame

The IT vs. management conflict has been around for a while. If the respondents in the report are to be taken at their self-reported word then it isn’t going anywhere.

Take this contrast as an example: 71% of respondents said WannaCry has led to an increased intent to keep systems up to date, but at the same time 73% said management hasn’t made any additional resources available to make it happen.

SEE: The Four Volume Cyber Security Bundle (TechRepublic Academy)

74% also said that WannaCry left their organization better prepared to respond to future threats, but 87% said their organization isn’t accelerating its Windows 10 deployment plans.

Only 11% of respondents said they’ve completely migrated to Windows 10. Up-to-date operating systems and security patches are an essential part of protecting a business from security threats. Windows 10 has been out for two years now, and with 98% of WannaCry victims running Windows 7, OS updates should be a priority.

Why they aren’t is still up for debate.

Don’t blame–take action

It’s easy to see a study like this and feel overwhelmed. Time and again we hear of malware outbreaks fueled by missing patches, lax security, and old OSes. The knee-jerk response is to find someone to blame, but that’s not a solution.

IT leaders need to become security evangelists–they’re they ones in their organization who know the threats, how severe they are, and how easily they can get into a network and wreak havoc. But is that being communicated?

Security needs to be related to management in ways they can understand, namely how it connects to the general business mission as a whole. One of the best ways to do that is to frame security as a monetary investment–you have to spend money to make it, or in this case to protect it.

A few thousand spent on upgrades now might seem like a big budget hit, but it will pale in comparison to the lost productivity, ransoms, and damage caused by a malware outbreak.

Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.

86% of respondents were unprepared for the outbreak of WannaCry. This led to 70% having to put in weekend overtime to get caught up on missing security patches.
86%–the same percentage that were unprepared for WannaCry–said their organization delays the release of security updates.
73% of respondents believe that management has failed to give them the resources they need to stay current on cybersecurity.

Also see:

Ransomware attacks: Here’s what we need to learn from WannaCry and Petya (TechRepublic)
Ransomware: An executive guide to one of the biggest menaces on the web (ZDNET)
How the GoldenEye/Petya ransomware attack reveals the sorry state of cybersecurity (TechRepublic)
WannaCry: Why this ransomware just won’t die (ZDNET)
Massive cyberattack on US critical infrastructure will hit within 2 years, say 60% of security pros (TechRepublic)

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE Recruiting a community engagement manager with the right combination of experience and communication skills will require a comprehensive screening process. This hiring kit from TechRepublic Premium provides a flexible framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY ...

PURPOSE Successful chief experience officers combine excellent communications skills with an intimate knowledge of customer expectations, company operations and industry standards. This hiring kit from TechRepublic Premium provides a workable framework you can use to find, recruit and ultimately hire the best candidate for CXO of your organization. From the hiring kit: DUTIES AND RESPONSIBILITIES ...

PURPOSE Recruiting an automation specialist with the right combination of technical expertise and experience will require a comprehensive screening process. This Hiring Kit from TechRepublic Premium provides a flexible framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY TRAITS ...

Report: The IT response to WannaCry