The events of May 12, 2017 live on in cybersecurity lore. WannaCry revealed just how extensive the damage caused by ransomware can be if deployed at large scale – from downtime to ransom paid to reputational damage. Yet despite the danger, ExtraHop recently found that 68% of organizations are still running SMBv1, the protocol exploited in the WannaCry attacks, which has been publicly deprecated since 2014.
I’d advise organizations to take this day to focus on two areas to help their security posture. First, acknowledge the danger outdated, legacy technology poses. If you’re unable to update or patch, make sure you have good visibility into it, including both north-south and east-west activity. The adage “you can’t protect what you can’t see” has been around for a long time for a reason – it’s true. The scramble around Log4j and Spring4Shell proved how important it is to know exactly what is running on your network. I see new users who are surprised by Log4Shell vulnerabilities still open in their network.
Second, focus on the incident response process. How long will it take your organization to push an update or patch if a new vulnerability is released? Our research shows that only 26% of enterprises can respond in less than a day (probably fast enough to prevent most attacks), while 39% take one to three days, 24% take up to a week, and 8% take up to a month. Put steps in place now to enable your team to take action quickly, including having the right visibility tools, downtime processes, and support from leadership to push through critical updates.