As the world continues to feel the impact of the latest ransomware attack, cleverly coined WannaCry, this is an excellent time to reflect on a systemic approach to combating these types of attacks. Ransomware is not new. At its core, WannaCry exhibits both traditional and more cutting-edge ransomware characteristics. Although newer and more ferocious variants of ransomware have emerged and have evolved the anatomy of the attack, most ransomware is distributed through classic email phishing, which exploits the human vulnerability present in all organizations. Ransomware variants like WannaCry can be stopped in their tracks by following existing IT best practices, using existing tools, and taking advantage of interception technologies. So how is it that WannaCry was able to cause so much chaos across the world, infecting over 230,000 computers across 150 countries? One crucial contributing factor is inadequate market education, which lacks a cohesive voice within the security market.
Even with the best tools on the market, education is a critical component of a comprehensive security strategy. I personally have a seven-prong strategy (and growing) to combat these modern threats. This strategy includes aspects of:
- Patch management
- Permissions compartmentalization
- Mail security
- Endpoint security with crypto-interception capabilities
- Next-generation firewall, with advanced threat protection and globally managed web proxy
- Backup: extremely strong and tested backup, as well as recovery methodology
- Education: education and training of end users to help them avoid common threats
Given the gravity of the WannaCry disruption, it is time to take education beyond the boundaries of the organization, and leverage modern marketing techniques to help proliferate cybersecurity knowledge.
False sense of security
Too often, I have sat in meetings with heads of organizations who say, “My company is not under attack,” or “Bad guys don’t want our data, they just want government or healthcare data.” It takes an attack like WannaCry (on a scale large enough to be reported by the major news outlets) to get their attention. A false sense of security won’t protect anyone, and it’s time to become proactive rather than reactive.
I do not necessarily blame the end user entirely for the education gap. Cybersecurity vendors will leverage the “wait for the newest headline” tactic to help galvanize their pipeline activity. After the release of WannaCry, a flood of emails in and out of my SPAM mailbox promptly appeared from cybersecurity vendors describing WannaCry, and the reasons why their technologies are effective against it. Those vendor emails will stay in my spam folder.
It’s not just the tools and technologies that make the sale; it is also the vendor’s commitment to ongoing support and education. Even for individuals in the ITOps world, this education is lacking. Microsoft, for example, released a patch in March of this year to cover one of the many bases needed to help thwart the WannaCry exploit. This is a problem. Microsoft has unfortunately fostered a general perception among ITOps professionals that they should never be “bleeding edge” when it comes to Microsoft patching, or else risk potential downtime. However, when evaluating the massive disruption and acquisition of new technologies in the SecOps space, we as IT professionals are forced to ride the “bleeding edge” with our trusted security partners. For an effective strategy to come to light, we need these worlds to converge, and market education can help drive this message.
Effective marketing can be a vehicle to educate the market and the end user. Rather than awaiting the next CNN or MSNBC article describing an exploit, data exfiltration, or ransomware attack, security vendors can use more modern marketing techniques to help combat modern cybersecurity challenges.
Content Marketing: Content marketing is one of the most effective ways to bridge the gap between experiential learning and the establishment of new standards and best practices. By leveraging practitioner content within vendor blogs or syndicated sources, vendors can help educate not only ITOps professionals, but also end users on the current state of security and the anatomy of modern cyberattacks (and how to combat them) at all levels in an organization.
Better Documentation: We appear to be in an era of documentation decline. Effective marketers will need solid technical collateral to back them up on the journey to educate the IT Security professional.
Re-establish Trust: In today’s security landscape, it is unacceptable for an industry to create and maintain an ethos of mistrust of its vendors. The largest example is Microsoft’s management of its patches, but this is certainly not the only example. There has evidently been a decline in trust of vendor updates throughout the entire SecOps and ITOps space, and effective new marketing techniques such as content marketing, documentation, and market education re-establish and reinforce this much-needed trust.
Ransomware is not going away. New threat variants are not going away. Security vendors are doing tremendous things to battle the rising tide of new threats. But with the release of WannaCry, it is becoming increasingly evident that the education gap needs to be a major focus of the entire industry going forward.