Learning from the WannaCry ransomware attack


More than one year on from the devastating WannaCry ransomware attack, Tanium’s Matt Ellard considers how far healthcare organisations are prepared to deal with the next cybersecurity crisis.

The WannaCry ransomware attack was, at the time, one of the most devastating and widespread cybersecurity incidents recorded. By exploiting a known vulnerability in Microsoft Windows, attackers were able to compromise public and private sector organisations around the world with apparent ease, despite a patch being available for two months. In the UK, 34% of NHS trusts were affected, as well as more than 600 primary care organisations. Estimates of the total losses resulting from the attack ranged from hundreds of millions to a staggering $4bn (~€3.4bn).

With such an enormous impact felt around the globe, you would assume that WannaCry would have been a wake-up call for organisations to get their cybersecurity in order. But, shockingly, organisations are still struggling to act on the lessons learned. In fact, new research has found that 36% of frontline IT workers in healthcare organisations in the UK believe their organisation is more exposed today than it was a year ago when WannaCry hit.

Companies struggling to take action

In the immediate aftermath of WannaCry, half of respondents (50%) said their organisation responded quickly by reviewing existing security systems, and 36% said they redefined their process for reacting to security incidents. While these positive first steps demonstrate a realisation of the dangers of ransomware, it seems this reactionary behaviour did not give way to long-term change.

For many, the need to innovate quickly is causing them to compromise on their security practices. In fact, 36% stated that their cyber-practices haven’t changed as other IT initiatives had to take priority, with only half (50%) having improved their patch management processes since WannaCry, despite this being a key factor behind the spread of the attack. Ensuring software is kept up to date with the latest patches is one of the most widely accepted ways of keeping a company network secure from vulnerabilities and cyber-threats.

As the damage from WannaCry receded, many organisations struggled to sustain the initial executive interest in improving cybersecurity. For many, the increasingly connected nature of their operations, combined with a lack of oversight of what they actually operate, might have impacted their ability to implement new patch management policies. In other cases, as the survey revealed, the challenge could be a gap between what IT workers on the frontline are seeing and what their leadership team believe is happening. Meanwhile, 21% in the sector say they still struggle to get the funding they need for urgent cybersecurity projects.

Significant gaps between IT teams and the board

As the World Economic Forum notes, “What would once have been considered large-scale cyberattacks are now becoming normal.” 40% of survey respondents said their organisation was affected by ransomware attacks, including WannaCry and NotPetya.

To protect against future threats of this nature, IT operations and cybersecurity teams at healthcare organisations need to bridge the accountability gap to protect the network, company, and customer data. They should work together to embed strong security fundamentals across their network. That means having true, real-time visibility into what is happening across their organisation, including where and how they store customer data.

A major security incident, on the scale of WannaCry, is one of the few events that can irrevocably destabilise a business. Waiting for it to happen before enacting meaningful change would be devastating, and companies must bring their security processes up to date.

Delivering innovative services to meet customer expectations means little without the resilience to support it. And organisational complexity or a siloed infrastructure is no excuse. Crucial to combatting any type of threat – whether a sophisticated attack or, more likely, one that exploits an out-of-date piece of software – is a clear oversight of all of the endpoints across the network and the ability to stop the threats targeting them almost instantly. This relies on the right technology and close collaboration between IT operations and security teams to protect the network, company, and customer data.

Matt Ellard
Vice-President, EMEA

This article will appear in issue 6 of Health Europa Quarterly, which will be published in August.
