Staying Positive in the Age of Ransomware
WannaCry reminds us that proactive security is a business requirement in the app economy.
The fallout from the “WannaCry” cyberattack seems likely to continue for some time. The size and scope of the attack is frankly mind-boggling. Some are even describing it as the largest cybercrime incident ever. Nevertheless, the key lessons learned could not be simpler or clearer: everything happens online these days; cybercrime is a very real, very dangerous threat; and a proactive approach to cybersecurity is, more than ever, a necessity for doing business.
Securing the Digital Era
In an age in which truth often seems stranger than fiction, it sometimes appears that satirists are becoming one of the more reliable sources of information. Certainly, the Onion’s dependably ludicrous American Voices feature achieved some of the most piquant commentary on WannaCry, not least this gem: “Maybe this will be the impetus we need to finally move away from computers.”
It is well-known that computers—and software-driven digital technology generally—won’t be going anywhere any time soon. The chances that the tide of digitization will be turned back are (and this is a conservative estimate) slim to zero. Furthermore, the chances of an organization prospering without investing wholeheartedly in digital transformation… Well, they’re slim too. Again, that’s a conservative estimate.
Manage Risk, See Competitive Rewards
So, how can organizations that are plunging into the digital deep end respond to a threat of this nature? While the scope of WannaCry may be shocking, the hack itself shouldn’t really come as a surprise. It first came to many people’s attention as a ransomware attack upon the UK’s National Health Service (NHS), before spreading globally. As reported here and elsewhere, these kinds of attacks on healthcare organizations are frighteningly commonplace.
One of the reasons the hackers could target British healthcare facilities was that the NHS was running outdated operating systems. Not doing regular OS upgrades may seem like a rookie error. In the context of healthcare, where the stakes can be life or death, it might seem worse than that. But to be fair, dealing with these matters in the context of an organization as large and complex as the NHS can be a major headache.
What this really teaches us is that—for large organizations especially—the most effective approach to cybersecurity is proactive, not reactive. This means making sure security is a central consideration in developing, adopting and deploying software. It also means adopting technologies able to face emerging security challenges head on, such as privileged access management or advanced threat analytics.
This proactive approach should be part of larger cultural shift toward a more broadly positive approach to security. As WannaCry has reminded us, having your cybersecurity act together is a prerequisite of doing business in the application economy.
In this context, security should not be considered a chore and it should certainly never be treated as an afterthought. Rather, cybersecurity is as a business enabler that will give you a competitive advantage.