You’re probably sick of the ‘W’ word being blasted over tech media and marketing spam by now. Nonetheless, WannaCry marked such an important point in information security history that it’s worth revisiting.

Counting the cost

The first-hand impact experienced by everyday citizens is what thrust the cyber security headline into the news spotlight during May 2017. Over 19,000 appointments across 603 NHS organisations were cancelled, Renault factories ground to a halt, Deutsche Bahn ran out of steam; the list is exhaustive. WannaCry was ruthless in its pandemic nature — punishing vulnerable systems exposed to the internet, neglected by businesses and governments worldwide. Cyber risk modelling firm, Cyence, speculates the loss incurred from WannaCry to be in excess of $4bn, whereas Lloyd’s stated losses could be as high as $121bn — that’s over eight times more than the damage costs Haiti suffered from the earthquake in 2010. Regardless of how these risk organisations came to these astronomical figures, presenting them to any risk management board should be enough to guarantee a little bit more budget for your security shopping list.

This new real-world example of the risks and repercussions of an ineffective approach to information security sparked a new wave of outcry from IT program managers who in some cases were finally being listened to. NHS Digital lead the charge by pledging to “reprioritise £21 million in capital funding from existing IT budgets to improve cyber-security in major trauma centres”. Gartner, leading global research and advisory, forecasts worldwide enterprise security spending to total $96.3 billion in 2018, an increase of eight percent from 2017. WannaCry may not be the only culprit to thank here, as we have also seen other high-profile incidents over the last year such as NotPetya, and one of the largest breaches in history courtesy of Equifax. In contrast however, a survey conducted by AlienVault revealed that 14% of respondents had their budgets for IT security increased. Ultimately, only time will tell.

Spend it wisely

Regardless of funding and security budget, the most important factor in any security program is how it is spent. Always aim to maximise return on investment in terms of operational capability. Too often engineers are left supporting ad-hoc solutions because the technical leaders within an organization were not made part of the purchasing process. Empower your operational teams with tools fit for purpose and involve them in the security program design phase. Your boots-on-the-ground staff will always have the best insight into the pitfalls and challenges unique to your environment; challenges that management often overlook when trying to shoehorn the latest “Next-Gen” product into development. WannaCry has not only been a great opportunity for increased security budget, but also an opportunity for salesmen to have more leverage on their pitches for top-tier solutions. In the end we preach the same mantra: do your basics, and do them well. Implement a solid foundation and entrust your technical leadership to build from there.

As part of our consultancy ventures we have certainly seen an increase in the sense of urgency and importance of security solutions since WannaCry hit the headlines. Executive boards are more receptive, management are more efficient and system administrators welcome a helping hand opposed to holding a cross and holy water to any security assessment change requests. An enterprise client of ours stated that when the news broke, they caught up on over 14 month’s worth of patching over a single weekend. There are many similar statements, which begs the question: was WannaCry a blessing in disguise? We certainly hope so.

Sign up for ‘NCL Insights’

Your trusted source for innovation, technology insights, and market trend analysis.

Why Choose NCL?

For over a decade, we’ve developed a strong reputation amongst our customers and partners for consistently delivering services which help businesses perform optimally and securely. This is why the relationships we’ve developed over the years have become long-standing and deeply trusted.

We’re very proud to have provided continuous IT support to the MoD for over 12 years. This length of service is a testament to the trust the MoD place in our people to deliver results, time and time again. Today, we provide situational awareness of the MoD’s globally-deployed application performance while assisting in troubleshooting issues and collaborating with other delivery partners to solve problems faster.

The lessons we’ve learned in Defence are applied to our engagements with customers in the enterprise sector too, ensuring robust network and cyber management for medium to large scale organisations. We use our long-standing experience in end-to-end performance management as a foundation for all of our services, so we can better define a customer’s complete requirements and deliver a more effective solution, whatever the field of technology. Offering market-leading technology and trusted managed services from ‘Floodlight’ - our own UK sovereign SOC, we work closely with customers in Driving Digital Vigilance across industry sectors.

NCL ‘Industry Insights’ Monthly Newsletter

The NCL monthly newsletter will provide a concise roundup of all the need to know information for IT teams and leaders.