One in ten companies in the United States was infected in the WannaCry ransomware attack, but it could have been worse, as most firms were not ready to ward off that type of assault, new research found.
WannaCry hit in May, taking advantage of an exploit that the hacker group Shadow Brokers pilfered from the NSA and that targets a previously patched vulnerability.
The ransomware affected mostly computers running Windows 7 or even the outdated Windows XP that hadn’t been patched.
In addition, the following month, NotPetya reconfirmed that the risk remains.
Eighty-six percent of U.S. organizations had to “divert significant resources” to safeguard themselves during the WannaCry attack, according to the research from software lifecycle automation solutions provider 1E. Just 14 percent of respondents said their organization was prepared for such an attack.
In the manufacturing industry, this would not be a surprise, but the study also shows 86 percent of organizations don’t apply patches immediately after they are released, thus leaving endpoints and entire networks exposed to such attacks.
Fourteen percent of respondents said they apply patches immediately, 36 percent apply them within one week after release, and 27 percent need up to a month for that, while 23 percent don’t apply patches within a month after release.
Following the WannaCry incident, awareness appears to have increased regarding the benefits of applying the necessary patches in due time. Seventy-one percent said their intent to stay updated has improved (the percentage rises to 87 percent when infected organizations are concerned), while 74 percent said “the experience of reacting to WannaCry has left them better prepared for future threats.”
The survey also found 70 percent of the 400+ U.S. IT professionals said they had to work over at least one weekend as a result of the WannaCry attack, while one in ten admitted to having worked three or more weekends.
The fact most organizations aren’t prepared for attacks that exploit already patched vulnerabilities is also reflected in the percentage of respondents who said they already migrated to Windows 10: 11 percent. While 53 percent said they are currently migrating to Microsoft’s latest platform, 28 percent said they are planning on doing so this year or the next, while 8 percent said they had no such plan.
As it turns out, though, 87 percent of organizations aren’t taking steps to accelerate their migration to Windows 10.
“There is a growing concern that we have entered an era in which this kind of attack becomes the new normal,” said Sumir Karayi, founder and chief executive of 1E. “WannaCry was a huge wakeup call that elevated security concerns to boardroom level — IT teams can’t afford to leave their organizations exposed.”