As the WannaCry ransomware continues to spread across the world-- according to European authorities it hit over 10000 organisations and 200000 individuals in 150 countries-- Gartner suggests 3 steps security professionals must take immediately.
Before everything else, one must apply the MS1170-101 patch. If it is not installed, and TCP port 445 is open, the system will be attacked by ransomware. Following that, here are Gartner's three steps to prevent further attacks of this nature:
Stop blaming-- While pointing fingers at others might be easy, one of the key stages of incident response is to focus on the root cause. In the case of WannaCry it is Windows XP. The OS can be embedded in key system as part of control packages, meaning vulnerable firmware may neither be accessible nor under one's control. As such, one must demand upgrades from the vendors of embedded systems (such as point-of-sale terminals, medical imaging equipment, telecom systems, and even industrial output systems such as smart card personalisation and document production equipment), even if such devices use other embedded OSs such as Linux or Unix variants. After all, it is safe to assume all complex software is vulnerable to malware.
Read more...