Fortinet released its Threat Landscape Report for Q2 2017. Among other things, the report draws an alarming conclusion: some organisations are not adhering to proper cybersecurity hygiene principles, managing to become infected with ransomware through exploits for vulnerabilities that were patched months ago.
In other words, network and device hygiene is one of the most neglected areas of cybersecurity in today’s world. Due to these poor practices, organisations are leaving themselves wide open to cyber-attacks. On the bright side, though, rectifying this issue does not demand many resources, and is something that’s completely solvable.
During its lifespan, the infamous WannaCry ransomware infected a breathtaking number of devices, with 300,000 computers being infected in May alone.
To fight against this, Microsoft released an emergency patch, even for those operating systems that are no longer officially supported, such as Windows XP. However, according to the report, many organisations just didn’t bother to apply it. As further evidence of this, the Petya ransomware took advantage of the same already-patched vulnerability to spread, and was rather successful.
According to Phil Quade, chief information security officer at Fortinet, zero-day vulnerabilities are not to blame for these incidents. The main culprits are previously discovered vulnerabilities.
Even to this very date, new organisations fall victim to hackers due to outdated software. LG Electronics is one of the most recent examples.
So, what is there to learn from this? Undoubtedly, preventive measures are much better than curative measures. Unfortunately, researchers at Fortinet are not convinced the lesson will be heeded.