WannaCry emphasises the dire need for automation and cognitive in security

|

This is me jumping on the bandwagon with an opinion about the global WannaCry ransomware attack last Friday. As of my writing this, this attack hit over 200,000 companies, hospitals, universities, and other groups in more than 150 countries according to Europol. It’s been headline news.[1]

While bandwagon jumping generally has a bad connotation (doing or supporting something just because it’s hot at the moment,) security is one of the bandwagons you should proactively jump on. Right now. Really.

Security tools, services, articles, etc. are all popular because security attacks are popular – and increasing. So yes, if in the past you thought your passive following of whatever standards were placed in front of you was good enough, you need to break out of that rut and get proactive. Too often, standards aren’t keeping up with the changing threat landscape. You need to constantly search for new security tools, skills, and services to help you protect your firm, your employees, and your customers to achieve digital trust in the market.

In fact, the recent attack only brings findings from HfS’ recent Managed Security Services Blueprint into clearer perspective. We heard from both providers and security executives that effective security programs shared key characteristics:

  • Automation everywhere possible. There are too many threats and attempts for your security team to monitor them without automation – you’ll never collect the necessary data manually. Your automation investments need to include appropriate analytics to evaluate and find patterns in the data so your team can take appropriate next steps.
  • Investment in cognitive computing. Predictive analytics and cognitive computing investments for tomorrow aren’t negotiable. Today’s environments can collect and analyze, but you also need to be focused on systems that learn from current data to build predictive models and help you prevent attacks, not just respond to attacks as they happen.
  • Focus on employees and the human element. This takes two tracks: 1) Educate employees more often and more consistently about phishing and other techniques that attackers can use to get credentials and other sensitive information from workers to attack company systems. And 2) keep your security team’s skills up to date. The talent shortage in security is exacerbated by the skills gap – staying current on all security trends is daunting but necessary. And security teams are so overwhelmed already that it may seem they don’t have time for training. It’s time to evaluate your hiring and training for security to look for ways to bring in non-traditional talent and get them up to speed faster to ensure you’re protected.

Bottom Line: Treat security as your business, not as an enabler

Without effective security your business won’t survive – either your company systems will be brought down, or more likely, customers won’t want to do business with you if they see you as a threat to their own information security. The WannaCry ransomware attacks is another proof point that security threats are increasing in number, scope, and scale. Jump on the security bandwagon and follow practices of leading edge security practioners for effective programs.

 

[1] A few of the news stories include:

https://www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html

http://www.bbc.com/news/technology-39924318

https://www.cnet.com/news/watch-wannacry-attack-geography-in-real-time/

Posted in : Security and Risk

Comment0

Leave a Reply

Your email address will not be published.