Source |
AlienVault Blog |
Identifier |
448378 |
Publication date |
2017-12-11 14:00:00 (viewed: 2017-12-11 14:00:00) |
Title |
The Impact of NotPetya and WannaCry |
Text |
Another wake up call
Every time there is a major security incident, many people claim it is the “wake up call” that was needed. Surely, it stands to reason that if a big enough incident occurs, people will stand up, take notice, and take the steps needed to make sure it doesn’t happen again.
To test out this hypothesis, we conducted a survey on Spiceworks. For those unfamiliar, Spiceworks has a large and vibrant technology community – one that extends beyond security, but is often made up of technology professionals that have varying degrees of security responsibility in their jobs.
In other words, the Spiceworks community are the ‘do-ers’, the ones at the coalface – so they represent perhaps one of the best sections of technologists to ask.
Getting things done
One would expect that in the aftermath of such high-profile and devastating attacks, IT projects would be green lit and the money would start flowing.
The reality is a lot more subdued, with only 14% of respondents stating their cyber security budgets have increased, and only a fifth (20%) have been able to implement changes or projects that were previously put on hold.
The flip side
While budget may not be as free-flowing as one may assume, it doesn’t mean that companies have been completely negligent. 65% of respondents stated they are more up-to-date with patching than they were previously, and half say they are using threat intelligence more regularly to stay ahead of emerging threats, with a further 58% claiming to have carried out a review of their organization’s cyber security posture following the attacks.

This is encouraging, as it means companies are not completely ignoring the challenges they face – and are leveraging existing investments to help get their companies in a better position.
Although, as the attacks have shown, prevention alone isn’t enough and it would also be prudent for organizations to focus their efforts on threat detection and response.
A makeover?
For IT professionals, 22% said their family and friends are more interested in hearing about their work, and 27% believe most people in their organization listen to their IT advice more than they did before.
Unfortunately, it hasn’t translated to great financial rewards, with 10% having experienced an increase in job offers, or managed to negotiate a pay increase following the attacks.
Incident Apathy?
IT Security remains a challenging environment within which to work, where resilience is the key to success. The sheer number of incidents that are reported on an almost daily basis may also be a contributing factor towards organizational apathy towards incidents.
While attacks cannot be prevented, and IT Security may be a cost that organizations have to bear as a price of doing business in the digital age, it doesn’t necessarily mean that there are no options.
Many security fundamentals can be implemented with little capital needed to source new products. Rather the |
Notes |
|
Sent |
Yes |
Tags |
|
Stories |
NotPetya
Wannacry
|