When the short-term fire drill of handling the WannaCrypt ransomware hack is over, we have to decide how we are going to handle these threats in the long term, and embrace the imperative of keeping systems up to date with the latest versions and patches. And while these threats can never be eradicated, all organizations are going to have to show that they have taken all steps to mitigate the risks as much as possible, not just for compelling reasons of security and business continuity, but to protect customer data sovereignty and, most importantly, ensure regulatory compliance.
So, there are 3 basic questions that should be asked in meeting rooms across all organizations in the coming days.
Are we using unsupported software?
While short term attention may focus on addressing desktop operating systems and whether or not they are still supported by the provider, longer term attention must be focussed on ensuring that supported operating systems are being used on organizations’ servers. The same challenges exist; supported platforms have patches available, non-supported systems don’t, and the impact of server hacking can be immense
How do I keep my systems up to date?
We must make keeping systems current and up to date with the latest patches a strategic priority. It’s not as easy as it first sounds, especially when you have disparate virtualized and distributed systems, all running slightly different IT stacks. Automation has to be at the heart of any viable keep current solution.
Is our data backed up?
Effective, regular and secure back up can minimize ransomware impact, by letting you get to a “clean” version of your data as soon as possible. Once again this need to be automated to be scalable across large IT estates.
As we come to terms with the full impact of this latest attack, it’s hard to see an upside. But if we take this opportunity to finally move to a long-term IT approach which is cognisant of the threats that we face in 2017, one that focusses on system currency, supportability and retrievability, then there may be a silver lining to this awful situation.
Zynstra Cloud Managed Servers are centrally managed with distributed installation, commissioning and keep current functionality to provide a very low support overhead through its lifecycle, enabling the automated patching and updating of hundreds or thousands of standardized remote sites.