The recent successful ransomware attacks – WannaCry in May and Petya this week – point to the large disconnect between IT operations, responsible for endpoint management (including patching), and Security groups, responsible for preventing malicious attacks against the organization. For years, security researchers at Gartner and elsewhere have been pointing out that well over 90% of malicious attacks use common vulnerabilities and can be prevented by keeping system patches up to date. Yet the patching process is obviously lacking and failing.

The WannaCry and Petya attacks are perfect examples of this phenomenon. The critical Microsoft MS17-010 patch, which prevents use of the ETERNALBLUE exploit that WannaCry and Petya used, was released March 14th, 2017, some two months before the May 12th WannaCry outbreak.

I have to think (hope?) that Security departments at most victim organizations were aware of all this — if not when the Microsoft patch was released, then a month later when the Shadow Brokers gang noisily released the exploit.

