Unless you’ve been away from all your devices since Friday morning, you know that the WannaCry ransomware attack has hit 200,000 computers in 150 countries, according to Europol. We’re still not in the clear yet, but the analysis is in full force.
If you need to get up to speed, and want a little bit of ransomware background as well, here’s the best take I’ve found, via Troy Hunt. If you were directly affected by WannaCry, or if you spent the weekend at work installing patches, I hope everything is going okay.
All around the world, IT leaders are getting emails from business leaders asking if their company could get hit. (And in the next few months, a thousand marketing pitches will bloom, as well.)
Of course, much of the matter comes down to individual organizations and typical things like patching, upgrading OSes, having effective backups, segmenting networks, and locking down machines.
I don’t know whether to be relieved that the answer is as simple as “stay current and patched” or to be discouraged. Because as easy as it is to say that, we all know that in a world of challenging applications and budget constraints, this just doesn’t always happen. We also know all of the security implications. We wrote several years’ worth of articles about migrating off of Windows XP proving both of these points. (Microsoft even issued a public patch for Windows XP and Server 2003.)
Anyway, there’s been plenty of commentary about WannaCry already, so instead, I have a question: Will this headline spur your organization to release more budget for IT projects, and if so, which ones? SaaS adoption? Better management tools? New security products? Application modernization, or even just upgrades? Migrating to Windows 10? I know we have a lot of readers with a lot of experience and points of view, so let’s hear it in the comments.