• The real reasons behind the WannaCry ransomware

    15 May 2017

    As we continue down the path of yet another major security breach – this time with the ransomware WannaCry – let us remember that it’s not just about the criminal hackers, out-of-control government agencies such as the NSA, or vendors such as Microsoft putting out vulnerable software. Every single one of us working in IT, security, and business today are complicit in these challenges.

    • Outdated/unsupported operating systems are running. We are responsible.
    • Patches are not getting installed in due time. We are responsible.
    • People are clicking links and making other bad decisions. We are responsible.
    • Stuff is happening on the network, sight unseen. We are responsible.
    • Policies are ignored. We are responsible.
    • Unfunded mandates still exist. We are responsible.
    • Systems – even entire network environments – remain untested. After all, you can’t secure what you don’t acknowledge. We are responsible.
    • Underscoped and unauthenticated vulnerability scanning and penetration testing paints an inaccurate picture of the average security posture. We are responsible.
    • Incident response procedures remain undocumented. We are responsible.
    • Credibility and relationships are essential for mastering information security, yet we continue to focus on everything but that. We are responsible.
    • Information security continues to be seen as IT’s problem. We are responsible.

    I don’t know how many more widespread breaches we’ll have to endure but I do know that everyone has a hand in these challenges before us. We can continue down the path of promising that we are compliant and secure when we are, in reality, reacting aimlessly to everything that happens. I know that managing enterprise IT environments is not easy and I certainly don’t envy anyone responsible for securing them. Still, there is so much that most organizations are leaving on the table. But, why?

    Is it people protecting their territories under the guise of long-term job security? Perhaps it’s lack of budget or management buy-in? Maybe it’s an out-of-control user base continuing to not think before they act…?

    Whatever it is, it needs to change. The criminal hackers and those supporting them are not going away. In fact, they look at issues such as the WannaCry ransomware outbreak as yet another reason they need to keep doing what they’re doing. As the saying goes: change before you have to.

Resources

view all

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including:

 

Tags

application security appsec basics books careers censorship CISO CISSP cities compliance coronavirus covid-19 cybersecurity data breaches hacking Hacking For Dummies heads in sand health incident response information risk keynote speaker leadership macOS networked cameras passwords patching racing resilience Russian hacking SDLC security culture security leadership security program management security speaker selling security social engineering speaking engagements spec miata sql injection tiktok time management training vulnerability and penetration testing web security

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.

For your convenience I accept