Even After Wannacry, Many Companies Are Still Ignoring Network Security

Remember the global Wannacry ransomware attack? Remember the even more recent Petya attacks?

You would think after either of these, IT professionals around the world would have stepped up and immediately implemented better, stronger and more robust security protocols, because as those attacks proved, if the hackers want to, they can bring not just individual companies, but whole industries to their knees. That’s the kind of warning it just doesn’t pay to ignore, and yet, that’s exactly what seems to be happening.

According to new research published by Tripwire, even in the face of the recent global attacks, more than two thirds of industry data security professionals do not feel that their organizations have made the necessary improvements to guard against such attacks in the future. Here’s what the security professionals surveyed outlined as the biggest organizational challenges:

• 32 percent of respondents said their companies struggled even to know what devices were being connected to their networks
• 14 percent cited a lack of vulnerability management
• Six percent identified administrative privilege issues as being the main cause for concern
• And another six percent identified audit log attention as being the biggest point of weakness

You’ll almost certainly note that those numbers do not add up to 100 percent. That’s because the rest of the survey respondents indicated that there was no single point of identifiable weakness, but rather, that businesses were failing at all of the above.

Bear in mind that the average cost of a successful data breach is now $7.5 million, up five percent from just last year, and that’s before considering the costs of paying any ransom demanded by malware such as Locky-Diablo6, Wannacry and Petya, and yet, in spite of this, few companies are making any serious moves to improve their data security.

Don’t let your company fall into that trap. If your security isn’t as robust as you think it could be, take steps immediately. Failing to act makes your firm a ticking time bomb. It’s not a question of if the hackers will come for you, it’s a question of when.