Over the last week, a massive ransomware attack with the moniker WannaCry impacted tens of thousands of computers around the world. This cyberattack disrupted organizations as diverse as hospitals in the UK, auto maker Renault in France, and FedEx in the United States.
The blame doesn’t end there, however. Researchers credit the NSA for creating and weaponizing the ransomware code in the first place. And then there are the folks who stole the code from the NSA – who may or may not be the same people as the Shadow Brokers.
None of these attacks would have been successful, however, if it weren’t for additional culpable parties: IT administrators around the world who simply failed to install a two-month-old software patch from Microsoft.
The Blame Game in the Enterprise
Unpatched software is, in fact, one of the most significant categories of vulnerability in enterprises today, as I warned in an article for Forbes back in April 2015. You would think that the title of the article – The Cybersecurity Risk That Dwarfs All Others – would be enough of a wake-up call to have stopped the WannaCry attack dead in its tracks.
Why, then, did so many Windows systems remain unpatched, two months after Microsoft issued the fix? To answer this question, we must dig below the obvious answers.
As of the time of writing, Microsoft is an Intellyx customer. None of the other organizations mentioned in this article are Intellyx customers.