Jun 13, 2017 11:58 AM, Open Mic
Protecting against ransomware requires up-to-date operating systems
The WannaCry malware attack last month has woken up business leaders to the importance of keeping computer operating systems up to date. Companies across industries were affected by the ransomware attack, in which users’ data was held hostage. The business disruptions were severe in some cases, but the greater lesson from this episode is how much worse it could have been if a “kill switch” hadn’t been discovered relatively soon after the attack. Across essentially all industries, business would grind to a halt if data on products, customers, vendors, and business processes became unavailable.
The key point about WannaCry is that it exploited an operating system vulnerability that had been discovered, and fixed for those who installed the updates, earlier this year. Modern operating systems incorporate sophisticated identity and access management technologies that, when properly implemented, greatly reduce the threat of unwanted access. But flaws in complex software will be found, and when they are, they must be fixed immediately.
It’s odd that such a basic need is so often ignored, but not especially surprising. Since the dot-com crash in the early 2000s, there’s been a general malaise among IT departments about the significance of operating system maintenance for both client devices and servers. We estimate that a typical organization is two to three major operating system iterations behind.
One reason for this is reluctance to upgrade from a system with familiar features and interfaces. Another reason is that software used in the organization’s various lines of business may be incompatible with modern operating systems. IT managers often lament that they can’t envision updating an operating system for as many as five years from now because it’s so difficult to update or replace older, legacy applications.
In those situations, the organization needs to make a priority of upgrading or replacing the legacy software. The risk of delay is just too great. Often, this fact is obvious to IT managers but not to other leaders in their organizations, who might prefer to channel IT budget dollars toward more glamorous purposes.