When you talk to CISOs and security directors and ask the question, "What's the biggest threat you face today?" you expect them to say whichever nation-state we're blaming attacks on at the moment. But in reality, it's the problem of just being able to know what's in the environment, to know where organisations are vulnerable so they can then take the right approaches to addressing it.
One of the most frustrating things about WannaCry is that it leveraged a known vulnerability that had been disclosed for over a month. The patch for Microsoft MS17-010 had been available since March. So when it hit, everyone was really surprised that so many systems could be affected.
Unfortunately, the reality that we face is that organisations aren't patching these critical, easily exploitable vulnerabilities.
- Defines the term in a security context;
- Discusses lessons learned from WannaCry and NotPetya;
- Shares concerns about the threat of IT impacting OT with catastrophic results.