Whenever a calamity strikes, it’s only natural for people to try to rationalise it and identify the problem.
This is now happening with the WannaCry ransomware outbreak, which affected the UK’s NHS and other services in over 100 countries: people are discussing what should have been done to prevent it.
On one hand, there’s an ongoing debate about responsible disclosure practices. Should the NSA have “sat on” vulnerabilities for so long? When Shadowbrokers released the details, it left a small window for enterprises to upgrade their systems.
On the other hand, there are several so-called “simple” steps the NHS or other similar organisations could have taken to protect themselves. These include:
- Upgrading systems
- Patching systems
- Maintaining support contracts for out-of-date operating systems
- Architecting infrastructure to be more secure
- Acquiring and implementing additional security tools
The reality is that while any of these defensive measures could have prevented or minimised the attack, none of them is easy for many enterprises to implement.