WannaCry Virus Attack: Was the Wakeup Call Loud Enough?

Published on 29/08/18 & Updated on 26/02/26.

The Wannacry virus attack was the biggest digital ransomware attack in modern history.

You’re probably sick of the ‘W’ word being blasted over tech media and marketing spam by now. Nonetheless, WannaCry marked such an important point in information security history that it’s worth revisiting.

Counting the Cost

The first-hand impact experienced by everyday citizens is what thrust the cyber security headline into the news spotlight during May 2017. Over 19,000 appointments across 603 NHS organisations were cancelled.

Renault factories ground to a halt, Deutsche Bahn ran out of steam; the list is exhaustive. WannaCry was ruthless in its pandemic nature — punishing vulnerable systems exposed to the internet, neglected by businesses and governments worldwide. Cyber risk modelling firm, Cyence, speculates the loss incurred from WannaCry to be in excess of $4bn, whereas Lloyd’s stated losses could be as high as $121bn — that’s over eight times more than the damage costs Haiti suffered from the earthquake in 2010.

Regardless of how these risk organisations came to these astronomical figures, presenting them to any risk management board should be enough to guarantee a little bit more budget for your security shopping list.

This new real-world example of the risks and repercussions of an ineffective approach to information security sparked a new wave of outcry from IT program managers who in some cases were finally being listened to.

NHS Digital lead the charge by pledging to “reprioritise £21 million in capital funding from existing IT budgets to improve cyber-security in major trauma centres”. Gartner, leading global research and advisory, forecasts worldwide enterprise security spending to total $96.3 billion in 2018, an increase of eight percent from 2017.

WannaCry may not be the only culprit to thank here, as we have also seen other high-profile incidents over the last year such as NotPetya, and one of the largest breaches in history courtesy of Equifax. In contrast however, a survey conducted by AlienVault revealed that 14% of respondents had their budgets for IT security increased. Ultimately, only time will tell.

Spend It Wisely

Regardless of funding and security budget, the most important factor in any security program is how it is spent. Always aim to maximise return on investment in terms of operational capability. Too often engineers are left supporting ad-hoc solutions because the technical leaders within an organisation were not made part of the purchasing process.

Empower your operational teams with tools fit for purpose and involve them in the security program design phase. Your boots-on-the-ground staff will always have the best insight into the pitfalls and challenges unique to your environment; challenges that management often overlook when trying to shoehorn the latest “Next-Gen” product into development.

WannaCry has not only been a great opportunity for increased security budget, but also an opportunity for salesmen to have more leverage on their pitches for top-tier solutions. In the end, we preach the same mantra: do your basics, and do them well. Implement a solid foundation and entrust your technical leadership to build from there.

As part of our consultancy ventures we have certainly seen an increase in the sense of urgency and importance of security solutions since WannaCry hit the headlines. Executive boards are more receptive, management are more efficient and system administrators welcome a helping hand opposed to holding a cross and holy water to any security assessment change requests.

An enterprise client of ours stated that when the news broke, they caught up on over 14 month’s worth of patching over a single weekend. There are many similar statements, which begs the question: was WannaCry a blessing in disguise? We certainly hope so.

Can We Help With Your Cybersecurity?

The crisis highlighted the vulnerabilities many businesses had, with many still having easily addressable flaws.

At Net Consulting, we are helping out clients ensure their digital defences are up to scratch.

To find out how we can help you, get in touch.