Three years after WannaCry, what have we learned?

We’re only half-way through 2020. My nomination for word of the year so far is ‘unprecedented’. In the special category of cyber security it’s ‘cyber-resilience’ (yes, I know it’s actually two words). WannaCry (and all the other major outbreaks that preceded it) just reinforced what we should have been doing anyway. First point: do you have backups and archives (they’re not the same thing) and can you restore a system to a previously known good state without exceptional effort?…:

[…] Organizations should design resilient cybersecurity strategies that build off of the assumption that bad actors are already in their networks, and they must adopt steps actively to protect the integrity of their mission-critical systems, including implementing solutions at the following three protection layers within your network:

  • Communications/network protection, which provides organizations with the necessary tools for real-time analysis and threat detection;
  • Operating system/software protection, which grants organizations the ability to harden operating systems, authenticate all execution and actively protect the integrity of applications and data;
  • Hardware-level protection to validate the integrity of hardware and firmware while preventing modification of board initialization, system firmware and OS bootloader code.

These tools should include automated cyber event detection and response, data at rest and runtime protection and mechanisms preventing changes or reverse engineering of applications and data. Increasing the resiliency of your critical systems will help you fight through an attack and raise the bar for would-be attackers.


Original article here