AlienVault recently conducted a survey of 233 IT professionals about how their roles have changed since the WannaCry and NotPetya cyberattacks in 2017. As you can imagine, these IT professionals are experiencing increased workloads:

  • Two-thirds (66%) are more up-to-date with patching than they were previously.
  • Half (50%) say that they are now using threat intelligence more regularly, to stay ahead of emerging threats.
  • In addition, 58% carried out a review of their organization’s cybersecurity posture following the attacks.

Javvad Malik, security advocate at AlienVault explained, “Working life has become much more difficult for many IT professionals in the wake of these attacks. But the preventative measures that many are engaged in, such as patching and security reviews, point towards a panicked reaction from management tiers. Given the unpredictable nature of today’s security environment, organizations should focus their efforts on detection and response.”

While these cyber attacks have affected the current roles of IT professionals, only 14% of respondents say that their budgets for cybersecurity have increased. And only 16% of those respondents say believe that their bosses and company boards have taken a greater interest in their roles.

The result – AlienVault believes that attitudes towards cybersecurity have hardly changed as a result of WannaCry and NotPetya

At Cybriant, we understand that many organizations tend to be reactive rather than proactive when it comes to cyber risk. You have a firewall and your employees use an antivirus, so what else can you do? You need to focus on the bottom line of your business – and not worry about the potential of a cyber attack, right? Well, let’s look at the stats:

WannaCry

  • 300,000 computers were infected across 150 countries.
  • Cyber risk modeling firm Cyence estimates the potential costs from the hack at $4 billion, while other groups predict losses would be in the hundreds of millions.
  • Companies like FedEx in the U.S., National Health Service hospitals in the U.K. and Telefonica in Spain were among those victimized: They and others that fell prey to the worm were ordered to pay $300 to $600 in Bitcoin to regain access to their encrypted files.
  • The US and UK assert that North Korea was behind the attacks.

NotPetya

  • Designed to spread quickly, and targeted complete energy companies, the power grid, bus stations, gas stations, the airport, and banks.
  • The attack has cost companies an estimated $592.5 million in revenue based on figures from U.S. Securities and Exchange filings and investor statements. That total includes money lost in quarterly and yearly revenue as well as financial and operational losses brought on the attack.

An ounce of prevention is worth a pound of cure

The fact is that these attacks (and many, many others) were made possible by poor operational security procedures (or lack of them). We recommend five basic, essential, fundamental cyber risk services that will help your company have a proactive security posture:

  • Security Awareness Training
  • Real-time Vulnerability Management
  • Responsive Patch Management
  • Endpoint Detection and Response
  • 24x7 SIEM with Security Monitoring

We even put these services in one integrated solution: Cybriant PREtect. Learn more about this affordable, subscription-based model at www.cybriant.com/pretect.