Since its discovery on Friday, May 12, the WannaCry ransomware attack has continued to spread. According to European authorities, it has hit over 10,000 organizations and 200,000 individuals in over 150 countries. Although steps have been taken to slow the spread of this malware, new variations are surfacing. Jonathan Care, research director at Gartner, outlined steps that cybersecurity professionals must take immediately.
First and foremost, apply Microsoft's MS17-010 patch. If the patch is not installed and TCP port 445 is open, your system will be hit by ransomware.
Then take the following steps to guard your organization against future attacks of this nature:
Stay vigilant. Gartner’s adaptive security architecture emphasizes the need for detection. Ensure your malware detection is updated. Check that your intrusion detection systems are operating and examining traffic. Ensure that user and entity behavior analytics (UEBA), network traffic analysis (NTA) and security information and event management (SIEM) systems are flagging unusual behavior, that such issues are being triaged, and that incident handlers are responsive. Bear in mind that additional resources may be required to handle the volume of incidents, liaise with law enforcement agencies, and field questions from the public (and possibly the media). Keep technical staff focused on resolving key issues and let someone else answer external questions.
After the crisis, there will be time to learn lessons. At that point, organizations should review vulnerability management plans; re-examine approaches to not just protective measures but also key detection capabilities, such as UEBA, NTA and advanced SIEM; perform additional threat modeling; and consider carefully what risks are tolerable. It's also important to assess your cloud security.
Additional information can be found in Mr. Care’s Gartner Blog "Three Things to Do Immediately in the Wake of Wannacry."
Gartner analysts will provide additional analysis on cybersecurity threats at the Gartner Security & Risk Management Summits 2017 taking place in National Harbor, Maryland; Tokyo; Mumbai, India; Sao Paulo; Sydney; London; and Dubai. Follow news and updates from the events on Twitter at #GartnerSEC.