Every 40 seconds a company is hit with ransomware, and the WannaCry outbreak is a perfect example. WannaCry demonstrates how ransomware attacks can quickly spread across and cripple environments by exploiting critical vulnerabilities in Windows computers – at least in those not updated with the patch Microsoft issued in March of this year (MS17-010) or the emergency update issued for XP on May 13, 2017.
Of course, running out-of-support operating systems such as XP is risky. But XP by itself is not the biggest problem. The larger issue is complacency around security updates, operating system updates, and OS upgrades across the infrastructure.
For perspective, nearly one-third of organizations targeted by ransomware attacks don’t have security in place to protect against infection. And only 26% of organizations feel they have the necessary security measures in place. Keeping your environment up-to-date gives you the benefits of the latest security features and proactive mitigations built into the latest versions of Windows.
Windows 10 users with the most recent updates installed (May 2017) and with the latest Windows Defender virus definitions or using current endpoint security software are much less vulnerable to ransomware attacks such as WannaCry.
Regardless of the version of Windows you’re running, security deserves attention. So, if you escaped WannaCry or other attacks, count yourself lucky. But don’t get complacent. It’s time to escalate security to a mission-critical level.
With that in mind, Zones offers the following advice to keep up with security threats and the ever-changing landscape:
1. Ensure operating systems are up-to-date
2. Regularly run installed anti-virus software
3. Re-run vulnerability scans (at no cost) and quickly patch vulnerabilities
4. Block SMB ports (139, 445) from externally accessible hosts
5. Train employees about the risks of opening unknown emails and clicking unknown links
You’re only as secure as your weakest point. In complex organizations, potential weak points are abundant. Zones offers a portfolio of security assessments that help you identify the hidden risks that leave your organization wide open to intrusion and regulatory non-compliance. Additionally, we can assist with building a plan to manage your environment and keep it secure.
Don’t be a victim of the next WannaCry attack. Ensure your environments have current updates and the security coverage required to keep you protected.