For the past week, WannaCry has made tons of news in the security world. Critical infrastructure has been shut down, systems have been crippled, people suffered disruptions…
Why is this possible? What are we doing wrong? I will try to answer this from the perspective of a security guy who’s been in the trenches for many years…
One of the good security practices a company should put in place is called “defense-in-depth”, which means not relying on any single defense mechanism.
So, here are a few things that could have stopped it:
- A good anti-malware solution installed on Windows computers (running a good anti-virus, and not just something to check a box on a compliance list, is a must these days)
- A good vulnerability management program, addressing critical patches in a timely manner (yes, sysadmins are busy, and very often the approach to patching is “who cares”)
- A good network security architecture, which should not expose critical infrastructure systems to outside threats (“it’s behind the firewall, so it’s safe” is something I hear many times, but that firewall often allows insecure ports and protocols in)
Companies that are good at automation will succeed and survive in the current threat environment: deployment of tools, installation of updates and so on needs to be automated. Companies that rely on manual labor will suffer. Unfortunately, large companies tend to be in the latter category because of legacy issues.
What do you do with the old win2k server that is still running code nobody maintains, yet is still needed? Do you at least isolate it so it cannot infect your good apples?
What about the good old VPN that allows full access into the data center from employee-owned computers, where the kids may have accidentally downloaded the latest malware? Do you know what anti-virus it runs?
A good analogy for a successful security program is the so-called “broken windows policy” that turned New York City around – address small problems before they become huge.
So, if you don’t WannaCry no more, call us and we can help assess and prioritize your security program.