Past three months have been crucial for cyber security. Wanna cry and then Petya attacks affected the business significantly. The important question is were these attacks preventable?
The two cyber attacks have been significant because of two reasons, first the recent ransomware attacks received widespread and mainstream media coverage, secondly, the more positive outcome of the two is that it reminds us of our shortcomings and highlights the need for building a more robust cyber defence system.
While the recent ransomware attack was substantial in nature, it was, however, it was minuscule compared to the IT infrastructure of the world. What can be easily inferred from this is that most of the organisations which weren’t affected by this are largely unaware of the need of an optimal cyber defence system. Another major inference is that those who were affected by this attack are trying to build a cyber defence system specifically to deter future ransomware attack. What is important here is that one should consider all possible risk to the business and build a security programme that works on mitigating risks comprehensively. A major lesson that can be taken from such attacks is that cyber security is now a mainstream business.
It is now important for organisations to integrated cyber security in their company strategy. Cyber security can no longer be neglected or kept as a subdivision of IT. There is a need to implement a holistic approach while designing the critical IT infrastructure. Though the ransomware attack was not successful in its agenda, and most of the organisations were able to shield themselves from such attack, but resting on such laurels would not be a good idea. Such attackers rarely have a tendency to repeat the same in future, they may improvise on their mistakes, so should we. One of the main reasons that some of the organisations were able to resist such attacks were because they invested in cyber security in a timely manner. In future, it would be important for any organisation to have a separate budget for cyber defence systems and have a real-time query capability to check for vulnerabilities in the system. What is important here is that an organisation can no longer afford to overlook the cyber defence system.