The IT Pro Podcast: What did we learn from WannaCry?
Five years on, WannaCry still remains one of the most impactful security incidents in recent memory
Five years ago, the security world was rocked by one of the most sudden and widespread ransomware outbreaks in history. Even now, organisations are still recovering from the damage done by WannaCry, and its shadow still looms large over the industry.
While ransomware has remained a major threat for organisations over the last half-decade, we haven’t seen anything as globally impactful as WannaCry since then - so what (if anything) has the industry learned from the incident, and are we likely to see anything on a similar scale again? IEEE senior member and professor of cybersecurity at Ulster University Kevin Curran joins us this week to talk about the legacy of WannaCry.
“First of all, you have to know your assets and what you're protecting, and then have the multi-factor authentication in, but you have to make sure that all your systems are patched and fully up to date. And then you want to have anti-malware, anti-spyware, you want to have real time analysis of the networks… Then you’ve got to train your workforce to be able to recognise social engineering attacks.”
“[Attackers] don't want to be too successful. We found that with some of the larger attacks, the Colonial Pipeline [attack] against the United States, and the Irish hospital system, which was brought to its knees, so you don’t want to be too successful, because then the authorities will come after you as well.”
“One of the recommendations is, of course, you have automated patch management of your operating system, of your environments, and also of your software. As such, there are tools which can try to, and that do actually take snapshots of your systems, and can restore them… There's companies which specialise in that, whenever you're attacked, that they'll get your system up and running.”
- The IT Pro Podcast: Should companies spy on their employees?
- A month in the life of a social engineer – part one
- Crypto.com confirms $34 million hack caused by 2FA bypass exploit
- Colonial Pipeline CEO confirms $4.4 million payment to DarkSide hackers
- What is WannaCry?
- WannaCry showed the world how not to write ransomware
- Over two-thirds of companies still run software with WannaCry flaw
- WannaCry's ghost is still wreaking havoc five years on
- Calls for international support to fight ‘uncontrollable’ ransomware surge in developing countries
- Irish Health Service hit by ransomware attack
- Dogwalk RCE variant among 121 vulnerabilities fixed in Microsoft's August Patch Tuesday
- Visa pins end-of-week outage on 'hardware failure'