One Year After WannaCry, Only 3% Of Companies Are Prepared

13/03/2018

The WannaCry ransomware attack which peaked in May 2017 worldwide, infected more than 300,000 computers across more than 150 countries. What it did, was encrypting victims' computers and demand ransom payments in cryptocurrency.

One year after the attack, a survey called 'Achieving Fifth Generation Cyber Security' by Checkpoint revealed that:

  • The primary barriers IT and security professionals declare as standing between their organization and high level cyber security effectiveness are: staffing challenges, security conflict with business or user experience, and outdated security infrastructure.
  • 96 percent of organizations use various pre-attack preparation tactics, which include timely patching, search for attack trends, and end-user security campaigns inside the organization.
  • Security professionals as only moderately prepared to anticipate future attacks like Wannacry.
  • 41 percent of organizations faced at least one cyber-attack during 2017, with an average of 56 attacks per organization per year.
  • 67 percent of IT and Security professionals claim their organizations’ customers are inquiring which measures they are taking to protect their data.
Checkpoint survey

WannaCry was regarded as a fifth generation of cyberattacks, or 'Gen V attacks'.

This type of attack results in exponentially more damaging financial and reputational losses compared to Gen IV (e.g. Target’s 2013 breach) and Gen III (e.g. the ILOVEYOU virus in 2000) attacks. Another defining characteristic of this Gen V is that it is multi-vector, and can proliferate via other infrastructure elements such as remote office servers, cloud networks, traditional network endpoints, and mobile devices.

This complexities make companies still not prepared for such similar attacks in the future.

Adding to the problem, hackers have also created multiple variants of the WannaCry ransomware, while others created malware for different purposes.

"Countries and their infrastructures are being attacked every day, as we’ve seen with recent reports on alleged attacks on the U.S. power grids. At the same time, billions of dollars are being stolen or extorted in attacks on Bitcoin exchanges, ransomware attacks and high-level corporate phishing," said Gad Naveh who works with Check Point's Threat Intelligence and Research & Development team.

Checkpoint survey

Checkpoint that surveyed 443 IT and security professionals worldwide during January-February of 2018, found that only 3 percent of them are ready for Gen V threats.

When asked about the measures they use, the IT and Security professionals in the survey use:

  • Firewall, Antivirus and IPS are used by 97% of organizations.
  • 21 percent of those organizations also add additional layers of sandboxing and Anti-bot technology.
  • 3 percent added a layer of cloud security, mobile security and implement security technologies in prevention mode, as opposed to detection mode.

Only these 3 percent are securing their organizations at the highest level found as the survey was released - Gen V of security.

"Regardless of the organizations or motivations behind attacks, our critical infrastructure, personal assets, and business assets are at serious risk of becoming collateral damage," continued Naveh.

"It does not really matter who launches an attack or why — countries and global business communities simply need to defend themselves better — because the large-scale, multi-vector nature of these attacks are several generations beyond the average enterprise’s security capabilities. The reality is we’re spending trillions globally on military defense technologies, but investing only a fraction of that on defending businesses and infrastructure against cyberattacks."

Because cyberattacks have become the modern weapon of choice for crippling critical infrastructure, companies should work together as one, as a global cybersecurity community, to not only protect individual organizations but to also create a shared vision around protecting cities, nations, and the citizens within them.