One year on from WannaCry and UK firms are exposed to cyber threats more than ever
Report finds that one year on, organisations are still exposed to malware danger
A year on from the WannaCry attacks that wreaked devastation on some firms and many UK organisations are still unprepared for another significant ransomware attack.
That's according to a new study by cybersecurity firm Tanium, which found that one third (36%) of respondents admitted there was panic immediately after the WannaCry attack, but nothing has changed since.
The survey of 500 frontline IT security workers in the UK found that two fifths (40%) admit their organisation is more exposed than they were a year ago. While, just 31% state their organisation has invested in a new security system since WannaCry, despite their boards claiming to have placed more importance on IT security since the attack.
The study found that UK firms responded immediately after the attack, reviewing existing security systems (62%) and redefining the process for reacting to security incidents (38%). But this has not translated into long-term action.
It said that basic systems management tasks, such as patching, which are critical to preventing future attacks, still leave businesses struggling. More than sixty percent (66%) of respondents admitted that they haven't improved their patch management process since the WannaCry attack, which has its one-year anniversary 12 May.
Other IT projects are getting in the way of security with one in five stating their cyber practices haven't changed as other IT initiatives had to take priority. Lack of budget was also cited by almost a quarter (23%) of respondents as a factor holding them back from implementing the cybersecurity technology and policies.
Matt Ellard, EMEA vice president at Tanium, said that it was genuinely concerning that UK organisations claim to have learnt lessons from WannaCry but are struggling to take actions to stop a similar attack from happening again.
"The attack, which grabbed headlines all over the world, should have been a wake-up call for businesses to get their houses in order. However, legacy systems and architecture, fear of patching, fragmentation of point solutions, limited budgets and silos that exist within the IT operations and security teams are still leaving UK firms vulnerable to attack," he said.