Ken Turbitt Blog
Aidan Lawes Blog
Paul Gostick Blog
Dr Jenny Dugmore Blog
Shirley Lacy Blog
Alim Ozcan Blog
Juan Jimenez Blog
Ian Clayton Blog
Nas Ozcan Blog
Aidan Mills Blog

Women in Work Index 2018
What's driving the gender pay gap and what gains can be made from closing it?...

Ten Strategic Technology Trends for Government
Technologies that enable new service models for digital government must be at the top of the list for government organizations as they prioritize technology investments...


The Robots are Coming: Are CEOs Ready for the Era of Automation?
CEOs agree that robotics is going to make their companies more efficient, with 94% of those who've already adopted robotics saying that it's increased productivity in their business...


The 2015 Chief Digital Officer Study
More companies are appointing a Chief Digital Officer to join their C-suite - but are they doing it quickly enough?...


18th Annual Global CEO Survey
The United States has overtaken China as top target for growth for the first time in five years...

15 May 2017 | ITSM
Send to a colleague | Add to MY ITP

Gartner Provides Three Immediate Actions to Take as WannaCry Ransomware Spreads
Since its discovery on Friday May 12, the WannaCry ransomware attack has continued to spread...

According to European authorities, it has hit over 10,000 organizations and 200,000 individuals in over 150 countries. Although steps have been taken to slow the spread of this malware, new variations are surfacing. Jonathan Care, research director at Gartner, outlined steps that cybersecurity professionals must take immediately.

First and foremost, apply Microsoft's MS17-010 patch. If you don't have it, and you have TCP port 445 open, your system will be hit by ransomware.

Then take the following steps to guard your organization against future attacks of this nature:

  1. Stop blaming.  While it’s tempting to point the finger at others, one of the key stages of incident response involves focusing on root causes. Microsoft Windows XP, an OS that has been hit hard by WannaCry, can be embedded into key systems as part of control packages. This means that vulnerable firmware may be neither accessible nor under your control. Where you have embedded systems — such as point-of-sale terminals, medical imaging equipment, telecom systems, and even industrial output systems such as smart card personalization and document production equipment — ensure your vendor can provide an upgrade path as a priority. Do this even if you use other embedded OSs, such as Linux or other Unix variants, as it's safe to assume that all complex software is vulnerable to malware.
  2. Isolate vulnerable systems. There will be systems that, although not yet affected by malware, are still vulnerable . It’s important to realize that vulnerable systems are often those on which we rely most. A usefultemporary fix is to limit network connectivity — identify which services you can turn off, especially vulnerable services like network file sharing.
  3. Stay vigilant. Gartner’s adaptive security architecture emphasizes the need for detection. Ensure your malware detection is updated. Check that your intrusion detection systems are operating and examining traffic. Ensure that user and entity behavior analytics (UEBA), network traffic analysis (NTA) and security information and event management (SIEM) systems are flagging unusual behavior, that such issues are being triaged, and that incident handlers are responsive. Bear in mind that additional resources may be required to handle the volume of incidents, liaise with law enforcement agencies, and field questions from the public (and possibly the media). Keep technical staff focused on resolving key issues and let someone else answer external questions.

After the crisis, there will be time to learn lessons. At that point, organizations should review vulnerability management plans; re-examine approaches to not just protective measures but also key detection capabilities, such as UEBA, NTA and advanced SIEM; perform additional threat modeling; and consider carefully what risks are tolerable. It's also important to assess your cloud security.

Gartner Email to a colleague | Add to MY ITP

terms & conditions