In the immediate aftermath of last week’s Wannacry ransomware attacks around the world, many organizations will consider how quickly and effectively to update older Microsoft operating systems and apply the necessary patches. The longer-term effects, however, will be more far reaching as governments and other organizations review their security policies to protect their systems against future attacks. This spells tougher requirements on IT services as well as service providers’ connections to client systems.
Tougher government policies on suppliers
The Wannacry attack in the UK crippled the National Health Service (NHS), putting people’s lives at risk. It is going to cost billions to put right, not only in terms of upgrading systems but also rescheduling operations and treating people whose condition will have worsened after the delay caused by the attack. The UK government must act and be seen to act to better protect vital services in the future. It is likely to unveil new stringent policies for cyber security.
While this spells new business opportunities for IT service providers to enhance the public sector’s cyber security, other service providers will feel the pain of even more longwinded procedures to connect to client’s VPNs when working on system integration or business process services. Many already have to apply to clients’ IT departments on a daily-basis to be allowed to connect to VPNs. More stringent requirements are likely to come into force.
Microsoft must face the music
Let us not forget that it was a Microsoft Windows vulnerability that enabled this attack. Microsoft must face pressure to continue to support its older operating systems for longer. There are often legacy systems that work only with older operating systems. A Windows upgrade can therefore be very costly. A cash-strapped organization, the NHS prioritises patients care over keeping up with Microsoft’s timetable for Windows upgrades and discontinuing support for older operating systems. This is something that the UK government must address. It has enough buying power to demand action from Microsoft.
Upgrade pressure on government agencies
Government bodies such as the NHS will be put under renewed pressure to upgrade their systems and keep them up-to-date. The organizations will no doubt demand extra cash to deal with the situation. Spending on cyber security is set to increase whether agencies find new money or redirect funds from other activities. This ransomware attack will therefore boost the IT market for end-point security if not the wider security sector.
Pressure on users
Users too will feel the pain of ransom“war”e. Tougher usage policies are likely to get enshrined in IT department guidelines. Users are likely to experience reduced flexibility as more organizations adopt desktop lock downs with workspaces become more centrally controlled and monitored to reduce risks.
With numbers and varieties of attacks increasing, all aspects of IT security will be tightened up. Even the most laggard of organizations will look to build better security controls across their broad IT services or risk loss of business, revenue, reputation and in some cases, the wellbeing of their customers.