WannaCry, and Three Thoughts for the SAM Manager

On Friday, May 12, a virulent strain of ransomware went quickly around the world. Known as WannaCry, this ransomware hit hundreds of thousands of computers, including those from FedEx, Hitachi and the National Health Service in Britain, Nissan Motor and others. WannaCry searches for and encrypts 176 different file types and appends .WCRY to the end of the file name. It asks users to pay a ransom in bitcoins. The ransom note indicates that if payment is not made after seven days, the encrypted files will be deleted.

The Wall Street Journal on May 21 published an interesting article (subscription required) entitled “All IT Jobs are Cybersecurity Jobs Now.” I both agreed and disagreed with the premise of the article. To summarize, the article suggested that all IT staff needed to be retrained on security (I agree), but I disagreed that everything needs to be pushed to the cloud. Let me explain.

1.     According to Symantec, WannaCry spreads itself across an organization’s network by exploiting Windows vulnerabilities. Further, it is unknown how the first computer in the organization is infected. However, we do know those impacted were running Windows 7 (which ended mainstream support in January 2015). Organizations not patching Windows, or upgrading to current versions of the Windows operating system are prone to be impacted by this ransomware. The articles point that moving everything to the cloud is one safe option but is overly simplistic (most organizations have hybrid environments). Cloud-based organizations are also impacted by malware – a fact the Wall Street Journal also reported. No platform or operating system is fully secure, but the SAM manager knows that updating software can significantly lessen risk.

2.     SAM and ITAM managers know about the disconnect between IT operations and asset management. IT operations keep the lights on – SAM teams ensure that the asset is used in accordance with the license, that one is only paying for what is used (including maintenance) retirement and more. Not keeping track of old, out-of-date software or unused software is the responsibility of the SAM manager. SAM managers must share their information with IT operations (and vice-versa) and establish appropriate policies and procedures for all phases of the software lifecycle. This point dovetails to point number three.

3.     Lack of communication. While there may be many reasons why one organization is impacted, and another is not, for those organizations impacted, they either did not know about the security vulnerabilities or believed it was not something they needed to be concerned about. Everyone associated with IT needs to share information – and accept and utilize information from other groups like IT asset management. Further, organizations need to train and communicate with their all their employees on Cybersecurity issues – like opening attachments from unknown senders. Communication and sharing and utilization of data ensure that risk is minimized, disruption is kept to a minimum and the organization functions as planned.

As I developed this blog, I recalled back to an earlier article that I wrote for the ITAM Review, an online community for worldwide ITAM professionals. Interestingly, the article was written almost two years to the day and called out that Cybersecurity is everyone’s job. We clearly need to learn and do more.

For the sake of SAM and ITAM, the security of everyone’s data, business operations and shareholders, I hope that in 2019, I am not writing a similar article.

For additional reading, I suggest reading Flexera’s annual Vulnerability Review and Symantec’s annual Internet Security Threat Report.