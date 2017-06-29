Home Gartner: Wannacry and Petya Ransomware point to Dangerous Disconnects between IT Operations and Security

Gartner: Wannacry and Petya Ransomware point to Dangerous Disconnects between IT Operations and Security

Gartner: Wannacry and Petya Ransomware point to Dangerous Disconnects between IT Operations and Security
The recent successful ransomware attacks – WannaCry in May and Petya this week – point to the large disconnect between IT operations, responsible for endpoint management (including patching), and Security groups, responsible for preventing malicious attacks against the organization.For years, security researchers at Gartner and elsewhere have been pointing out that well over 90% of malicious attacks use common vulnerabilities and can be prevented by keeping system patches up to date.  Yet, the patching process is obviously lacking and failing.

The WannaCry and Petya attacks are perfect examples of this phenomena.  The critical Microsoft MS17-010 patch, that prevents use of the ETERNALBLUE exploit that WannaCry and Petya used,  was released March 14th 2017, which is some two months before the May 12th Wannacry outbreak.

I have to think (hope?) that Security departments at most victim organizations were aware of all this — if not when the Microsoft patch was released, then a month later when the Shadow Brokers gang noisily released the exploit.

Read the entire article here, Wannacry and Petya Ransomware point to Dangerous Disconnects between IT Operations and Security

via the fine folks at Gartner

Gartner
Gartner Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. The company delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the valuable partner to clients in approximately 10,000 distinct enterprises worldwide. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 8,300 associates, including more than 1,800 research analysts and consultants, and clients in more than 90 countries. For more information, visit www.gartner.com.
