Stop WannaCry? Security Training is the Answer
Products are only a small piece of the security puzzle; we need to focus more attention on people, policies, and processes.
By Larry Walsh
In the past week, we had two major security stories break. The larger of the two is about WannaCry, the ransomware pandemic that’s already infected thousands of networks in more than 100 countries and shows no signs of subsiding. The other concerns new allegations of Kaspersky Lab colluding with Russian intelligence agencies, potentially opening risks to Western governments and businesses.
Let’s take them in order.
WannaCry is the latest in the surge in ransomware and, most likely, the largest outbreak of this malware type to date. While malware volume continues to rise each year exponentially, the security world hasn’t seen a pandemic of WannaCry’s magnitude in years. While many security experts and vendors advise updating Windows systems with a patch released by Microsoft, it’s not a cure. Even patched systems can get infected, and WannaCry is already morphing to evade the early preventative measures.
Kaspersky Lab, on the other hand, is a totally different situation. I wrote an analysis of the new allegations against the Russian security software vendor for Channel Partners Magazine, releasing some never-before-published data on Western biases toward Eastern European software vendors. While allegations that Kaspersky Lab is assisting the Kremlin’s intelligence operations aren’t new, the latest charges did come with fresh condemnations from the heads of all six U.S. intelligence agencies.
How are WannaCry and the Kaspersky Lab stories related? It all comes back to national interests and security training.
I’ve written this many times, and I’m reiterating it now: We spend too much time pushing security products and not enough time advocating and implementing security practices.
Why are security practices important? Consider this: Security is a four-legged stool made up of people, policies, processes, and products. We spend an inordinate amount of energy on the products, and not nearly enough on the people, policies, and processes.
What’s the cure for WannaCry? Patch the Microsoft Windows vulnerability, don’t click on unknown attachments or embedded links in e-mails and close network shares. None of these cures have anything to do with a security product, per se. The technology is a means for following a policy and facilitating a process, but it’s not the primary course of action.
The same could be said of the Kaspersky Lab allegations. Is the software company an extension of Russian intelligence? While politicians and policymakers are quick to cast aspersions on Eugene Kaspersky and the company that bears his name, even the FBI concedes that it’s found no evidence to back the allegations.
How do security partners counter such allegations or concerns? Knowledge. When properly armed with the right information and know-how, security partners can evaluate products expertly and convey that intelligence to their customers. Moreover, they’re able to make product selection decisions that are based on the best interests of their businesses. In the case of Kaspersky Lab, 2112’s data shows there’s more smoke than fire when it comes to these allegations; only insights and knowledge are the counteragents.
Analysts anticipate WannaCry will cause security stocks to surge. The initial response to breaches is always, “What can we buy to stop this or prevent it from happening again in the future?” But attempts to fix the problem via products are short-lived. The long-term play is security vigilance through increased knowledge and enhanced processes. Those two factors will create better outcomes, which, in turn, will create a better customer experience and lead to more product and services sales.