It’s been a year since WannaCry ransomware hit the NHS, but 40 per cent of businesses feel more exposed to a cyber attack than ever.
In a Tanium survey of 500 frontline IT security workers in the UK, around a third admitted there was panic immediately after the WannaCry attack, but many haven’t taken the action to protect themselves against such attacks in future.
Only 31% say that their organisation has invested in a new security solution since WannaCry, despite their boards claiming to have placed more importance on IT security since the attack.
Critical actions not being taken
According to findings UK firms responded immediately after the attack, reviewing existing security systems (62 per cent) and redefining the process for reacting to security incidents (38 per cent). However, immediate concern didn’t translate into long-term action.
Businesses are still struggling with basic systems management tasks, such as patching, which are essential in preventing future attacks. More than 66 per cent of respondents admitted that they haven’t improved their patch management process since the WannaCry attack.
For 14 per cent of respondents, the need to innovate quickly is causing them to compromise on their security practices. One in five say their cyber practices haven’t changed as other IT initiatives had to take priority.
Lack of budget held back a quarter of respondents from implementing cybersecurity technology and policies.
Matt Ellard, vice president, EMEA at Tanium, says the attacks should have been a wake-up call for businesses to get their cybersecurity in order,
‘Legacy systems and architecture, fear of patching, fragmentation of point solutions, limited budgets and silos that exist within the IT operations and security teams are still leaving UK firms vulnerable to attack’.
The accountability gap
Almost half (42 per cent) of the frontline IT workers surveyed believe their senior leadership team fails to realise how exposed their companies are to cyber threats.
Over a quarter say their organisation prioritises client entertainment and employee welfare initiatives such as Christmas parties while 43 per cent say they struggle to get funding for urgent cybersecurity projects.
As a result, one in ten admit they are not confident that their organisation could immediately respond to or recover from another WannaCry-style attack.
Ellard adds that we’ve seen countless breaches in the last 12 months and businesses need stronger defences against future attacks,
‘Businesses can no longer afford to overlook the scale of threats they face and the IT operations and security teams need to bridge the accountability gap to protect the network, company and customer data.’