Why WannaCry is the best thing that could have happened to Enterprise IS

Suddenly, people at the board level in small and medium enterprises were getting convinced that there is something called ransomware that could be potentially dangerous

Why WannaCry is the best thing that could have happened to Enterprise IS - IT Next
Why WannaCry is the best thing that could have happened to Enterprise IS - IT Next

The ransomware WannaCry made to the headlines globally as the most widespread malware attack ever witnessed, with more than 100 countries reportedly suffering from the attack. With WannaCry trending for days in social media, it made its way into common vocabulary.
Suddenly, people at the board level in small and medium enterprise were getting convinced that there is something called ransomware that could be potentially dangerous—something that they had been hearing only from their IT and information security guys. Even those organizations who have invested in traditional security solutions never took ransomware too seriously. WannaCry changed that forever.
Post the attack, they are more likely to listen to their IT/IS guys. And no, unlike earlier, the challenge before the IS is not just to have the budget to buy solutions. That’s the easier job today. A much tougher job is to convince the big bosses about the big business risk associated with cyber attacks and hence make the organizations stick to security policies. For some time at least, WannaCry can enjoy the status of cyber attack folklore.
Folklore, it is. There’s little news of ‘big disruption’ in business that have been reported. The bitcoin accounts associated with the attack have managed to collect no more than USD150K ransom till now. The amount seems like small change compared with the money that British Airways (BA) lost in the IT outage it suffered on May 27—estimated to be at least EURO 100 million. Yet, that got dismissed as a BA problem whereas WannaCry got projected as an industry-wide problem.  It is always easier to charge up people when there’s an external ‘attacker’—a definite villain.
So, here was an attack that caused little damage; helped you to convince your bosses about the possible threat and in some cases even established you as the competent IS manager who ensured that the business did not suffer despite the ‘big’ attack. What more could one ask for?

Add new comment