Matthew Gardiner

by Matthew Gardiner

Senior Product Marketing Manager

Posted May 16, 2017

WannaCry? – Yes I do!

The general media, the Web, the Twitterverse, and my email have been alight over the past few days regarding the WannaCry ransomware outbreak. And to answer the question in the name, yes I do wannacry! Little did I know I would need an almost immediate follow-up blog to my recently published one, which was subtitled “If You Don’t Like This Minutes’ Newsworthy Cyberattack, Wait a Few There Will be Another One.” My tongue-in-cheek subtitle was almost literally correct. But then again, in the world of IT security, predicting another major outbreak is as sure a thing as betting on a horse race that finished hours earlier.

I am certainly somewhat annoyed with the NSA for creating the EternalBlue exploit and apparently getting pwned by the ShadowBrokers and having their hacking tools fall into the wild. I am also annoyed with Microsoft for creating a critical “worm-able” Windows vulnerability in the first place. And I am also more than a little angry at the cybercriminals for putting all of this together into a full-fledged, global ransomware attack. However, I don’t “wannacry” because of them. They are doing exactly what they were formed to do, that is: spy, build and maintain complex software, and steal money. What I really wannacry over is the incredibly weak security practices that still exist in so many organizations.

It’s really true that ransomware is a tax on poor security practices. when it went EOL or by slow rolling your vulnerability patching program? What about your use of a basic anti-spam solution when you should have been using a modern secure email gateway? And what about shortchanging your network security investments, security-team staffing, backup-and-recovery and user awareness programs? These types of well-publicized attacks serve to shine an unflattering light on these areas of endemic security underinvestment. And the cybercriminals’ role is to extract this tax on this underinvestment.

If you're looking for some tactical advice on how to be better prepared for WannaCry and its likely variants, check out this blog from my Mimecast colleague. When you are out of firefighting mode and want to reassess the defenses currently provided by your incumbent email security system, contact Mimecast to discuss our Email Security Risk Assessment program and your particular security priorities.
