<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1066757590101687&amp;ev=PageView&amp;noscript=1">

17 May 2017

Wannacry highlights that un-patched systems present a security threat


Ransomware Wannacry caused a massive havoc in companies globally in May 2017. The main reason for this to happen were systems which were not up-to-date. Why?

James Wright

The latest breach of the ransomware "Wannacry" showed the vulnerability of unpatched legacy infrastructure. "Wannacry" ransomware was engineered to take advantage of the most common security challenges facing large organizations today. This all could have been avoided with a patch which was released more than 2 months ago. 

“The governments of the world should treat this attack as a wake-up call.”

- Brad Smith, President of Microsoft

 

Evaluating the true costs of a downtime (when patching) vs. downtime in case of a malware outbreak in terms of numbers is very difficult. According to TrendMicro, the average cost for a data breach is around 4 million USD. This means that you should always patch unless the downtime cost is more than 4 million USD. In the case of "Wannacry" and its variants, there was a very public and high-profile data dump recently exposing vulnerabilities in systems all around the globe.

Probability of attack after this sort of data dump? 100 percent. 

Actions taken? Well, read the news..

 

"If it's not broken, don't fix it"

How can it be, that after this type of massive and public data dump there were still such a large number of systems, which were not patched and vulnerabilities were still present? 

One major underlying factor, was legacy weight. It is not uncommon for legacy infrastructure patching cycles to exceed 100 days. Often patches must be tested in pre-production environments, then rolled out to production in a controlled manner. Even with this process and testing in place, it is not uncommon for some patches to cause problems and crash systems on a large scale - meaning even larger downtimes and profit losses. This legacy is still carried on till this day, especially if the old infrastructure is still in place. 

With legacy infrastructure, there lies a strong heritage of "If it's not broken, don't fix it" -culture. Despite the fact, that in todays reality, the more correct phrase would be "If you don't fix (update) it, someone may exploit it". When for a majority of businesses their data is their most valuable resource, it is quite shocking to notice how many businesses - irrespective of their size - are risking their data by storing it on servers which are poorly maintained.

You wouldn't do the same with your bank account, would you? 

 

Patching in the Public Cloud

If you're running any environment or services in the Public Cloud, with the right processes and tools in place, keeping your systems up-to-date is a very painless and simple process. 

The "Wannacry" outbreak highlights where Nordcloud's Managed Services can be a well-justified investment. As a part of Nordcloud's Managed Services portfolio, we offer Cloud Guard. While it covers a wide scope of services, lets focus on the topic at hand; The Patching Service and Host Security. Following our leading patching policies and processes, we can patch various platforms and services at the time that suits you, on a monthly or quarterly basis. We report on every update installed on the systems, allowing our customers who ulitise the service to know what patches and updates have been installed and when. Let Nordcloud patch and protect the systems, while you focus on what matters most - your business. 

If you too want to avoid the concerns of "Wannacry", its variants and successors, we are very happy to help you. Contact us about how Nordcloud can manage your cloud services. 

None of Nordcloud Cloud Guard customers with Patching Service/DSaas in place were affected by Wannacry.

 

Here's also something about Cloud Security for you to study more, if the topic interests you. 

New Call-to-action

Source: TrendMicro

About Nordcloud

Nordcloud is a European leader of public cloud infrastructure solutions and services. Since 2012 we've completed over 300 deployments to help our enterprise customers gain the maximum benefits of the cloud including security, agility, scalability and overall cost-savings. As an independent cloud-native company, we are representing all globally leading cloud technology providers neutrally for the customers’ benefit. With a strong Nordic heritage, Nordcloud is headquartered in Helsinki with offices in Stockholm, Malmö, Oslo, London, Amsterdam, Poznan and Munich.

If you'd like to talk with Nordcloud to see how you can benefit from the cloud then contact us and we'll arrange a meeting for you with one of our cloud experts.
Contact Us