Orgs Have Failed to Make Necessary Security Improvements Since WannaCry & Petya
More than two-thirds of security professionals are not confident their organizations have made necessary security improvements since the WannaCry and Petya attacks earlier this year, according to new research from Tripwire.
The firm’s survey found that, despite the severity and damage caused by the cyber-attacks just a few months ago, there are doubts about whether companies have reacted appropriately to improve their cyber-defenses, with Tripwire suggesting this lack of confidence could be a result of organizations failing to implement critical security controls.
Nearly a third of respondents felt that the biggest problem a business faces is establishing what devices are on its network, whilst worries about vulnerability management (14%), administrative privilege issues (6%) and audit log attention (6%) also cropped up as areas of concern.
However, 40% believed that there was no single cause of security problems and that businesses were failing at all of the above.
Tim Erlin, vice-president at Tripwire, said that no matter how big or small an organization is, it has to have a serious attitude towards security.
“If you were lucky enough not to have been affected by WannaCry or Petya, take it as a sign. Remember, you don’t have nine lives. All it takes is one data breach or another WannaCry and your company has lost data, money, credibility and most importantly, customer trust, which is one of the most difficult things to recover.
“Adopting best practices and leveraging critical security controls will continue to be the best bet for defending against advanced adversaries and can help close the gap within a business’s security infrastructure.
“It is important to understand that good security hygiene will greatly reduce the effectiveness of an attack and goes a long way to making the attacker’s job more difficult.”
On a more positive note, the majority of those polled (84%) claimed their company is looking to invest budget in mitigating its cybersecurity risks, something welcomed by Erlin.
“It’s good to see businesses investing in security defenses,” he said. “However, it’s about purchasing the right technology that’s suited to that company and to understand that technology is not the only solution. Enterprises need to remember to focus on the fundamentals of security. One of the most important tools, and probably the one that gets overlooked, is education.”
Source: Information Security Magazine