By Dan Pastor
The May 12th wave of global ransomware attacks using the WannaCry ransomware is another nail in the vulnerability management coffin. Attackers have exploited a known Windows vulnerability to propagate simple ransomware across unpatched systems, simultaneously, all over the globe and across multiple industries. These attack waves are usually not targeted but are rather “cast your net wide” attacks, which explains the diversity of affected countries, industries and organizations.
There are dozens of vulnerability management and patch management solutions currently available in the market, on top of the patches sent weekly by software and OS providers such as Microsoft or Apple. There are also many cyber intelligence companies researching and analysing zero-day vulnerabilities and exploits found on dark-web forums and markets. And there are many cyber security companies that will tell you that you should have defended yourself against ransomware by updating your antivirus and your operating systems and by backing up your sensitive data. This is not enough.
The issue is not vulnerability management; the issue is risk management.
These kinds of attacks will continue to grow and expand, with shorter intervals between them, in the near future. The recent attack comes as no surprise if you just look at the data. We at Cytegic identified this trend (ransomware targeting “unusual” targets) a while ago and have raised this strategic alert multiple times throughout the year. Healthcare, government and critical infrastructure (the industries most affected by WannaCry) have been in the hackers’ sights in recent years, mostly due to the un-updated nature of their systems. Ransomware attacks have affected hotels, restaurants, police stations, hospitals, government offices, banks and many more over the past year.
Performing preemptive cyber risk assessments, based on statistical data from outside and within these organizations, would have helped them prepare for rising attack trends and minimize the impact of the attacks. Analyzing the correct and relevant defense vector would have helped prioritise resource allocation and minimise risk and exposure.
Cytegic’s technology does just that – analyzing contextual cyber-threat trends to produce strategic alerts for specific industries and geopolitical locations; gathering internal control readiness indicators from defenses relevant to specific attack vectors; focusing cybersecurity investments based on the ever-changing threat landscape using an automatic correlation engine; preparing “edge cases” for relevant threats and building defensive and recovery action plans; and more.
The core of the challenge is money – organizations cannot invest all the money all the time in every type of threat. They must prioritise and allocate funds and resources based on what will optimize their risk level. They must plan their cyber insurance based on changing needs, to prepare for the almost-certain probability of a future devastating attack. Only by using a scientific and financially-focused cyber risk management system such as Cytegic can organisations handle these overwhelming waves crashing on their docks.