Following the global cyberattack, Microsoft has taken the unusual step of issuing a public patch for the now-unsupported Windows XP operating system, as well as for previous versions Windows 8 and Windows Server 2003. As the global cyberattack slows, what can organisations do if a ransomware copycat strikes? Adam Meyers, Vice President, Cyber Security Company at CrowdStrike, comments below.
Adam Meyers, Vice President, Cyber Security Company at CrowdStrike:
“WannaCry has caused a ransomware infestation on a blockbuster scale. Many organisations are now reporting that their race to apply the patch (MS17-010) was not quite quick enough. Unfortunately, many organisations were too far down the cyber rabbit hole to fend off WannaCry.
“It is important to recognise that patch roll-outs are complex. High-profile patch fiascos have made IT departments wary of automatic patch installations. Organisations often run testing to double-check that applying the patch does not knock over their IT systems. Any window between the known vulnerability and the patch is critical. Two months arguably is too long. But, organisations need an intelligent endpoint protection system that can operate at machine speed during that window of opportunity.
“When cyber security and machine learning come together, organisations can act before ransomware like WannaCry infects. New cyber techniques define a process that allows organisations to keep a ‘machine eye’ out for malware or other ransomware copycats. By identifying a suspicious process or behaviour and applying machine learning to let all other computers know about it, organisations can be on the front foot.
“The WannaCry infestation needs to force a shift in the security paradigm. The best defence to wide-scale cyber security is a crowdsourced response. This is about pulling together what we have learnt on one machine, one endpoint, and applying that learning to help defend other networks. Once this attack is over, the next step has to be attribution and bringing the perpetrator to justice.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.