Microsoft’s announcement urging users of older versions of Windows to apply a patch to protect against a potential widespread WannaCry-like attack. Two years on from the WannaCry attack, which affected computers in over 70 countries, Tanium’s recent research showed that organisations are still struggling with patching hygiene, leaving their critical assets exposed.
This vulnerability is so bad that #Microsoft decided to issue patches for XP and Server 2003 (which you really shouldn't be running). #infosec https://t.co/aOvhtucXyp
— Tim Erlin (@terlin) May 15, 2019
Matt Ellard, Managing Director, EMEA at Tanium:
“Two years after the WannaCry ransomware attack plagued hundreds of thousands of computers across the globe, organisations have been warned of a security flaw that could be exploited to create a WannaCry-like worm. Although no exploitation has been spotted for the latest vulnerability, hackers are likely to create one and incorporate it into their malware.
Given that global cyber-attacks such as WannaCry were catalysed by poor patching hygiene, organisations need to ensure that they can confidently protect critical assets, monitor impact, and recover from the unexpected. However, our latest research shows that 94% of CIOs and CISOs are having to make trade-offs in how well they can protect their organisations from cyber threats, outages and other forms of disruption.
“For example, our study also showed that 81% of security leaders have refrained from adopting an important security update or patch due to concerns about its impact on the business. And, the vast majority (80%) said they had found out that a critical update they thought had been deployed had not updated all devices, leaving the business exposed.
“Businesses can no longer afford to overlook the scale of the threats they face and the IT operations, compliance and security teams need to unite to bridge the accountability gap to protect the network, company and customer data. As organisations look to build a strong compliance and security culture, it is essential that they build a foundation based on solid IT operational processes, including real-time visibility and the ability to patch across all endpoints. Only then can organisations safeguard against future disruption and cyber threats.”