WannaCry and NotPetya Have Barely Shaken the Corporate World Awake
Generally, when a major cybersecurity incident takes place, there's a lot of talk about "it" being the tipping point for companies and that they'll now start taking security seriously, that they'll invest in cyber, that they'll grow up from this point of view. With WannaCry and NotPetya taking the world by storm earlier this year and affecting thousands of companies across the globe, you'd think something would change for the better. That wasn't really the case, however.
According to a survey completed by the folks at AlienVault over on Spiceworks, a community of tech professionals, only 14% of respondents said their cyber budgets had increased. Furthermore, data shows that only 20% have been able to implement some changes to projects that had previously been put on hold.
Budget is not everything, however. On the brighter side, 65% of respondents admit they are now more careful about updating to the latest security patches than they were before calamity struck. About half of the respondents also use threat intelligence more frequently in order to keep on top of the latest perils. Furthermore, nearly 60% have conducted a review of the cyber security elements in their organizations following the two major attacks from the first half of the year.
This is great news, obviously, because it means companies are taking their security more seriously now than they were before. Of course, a larger cyber budget would do wonders for any company, but as a first step, prioritizing safety precautions is great.
On the other hand, the attitude companies have towards cyber spending isn’t that surprising. This is the type of money companies invest and don’t see actual rewards from. Sure, some attacks may be repelled, but it’s hard to quantify just how bad the damage would have been had the attackers managed to get through. Until your data is exposed and you feel the consequences of that budget cut, you can’t really know how useful it would have been to make the investment at the right time, and by then you are left wishing you could go back in time. Unfortunately, in most cases we’re programmed to learn from our mistakes. Organizations aren’t that much different.
The WannaCry change
The WannaCry and NotPetya attacks have pushed another change in the world, however, not just inside organizations. IT professionals are apparently having more frequent conversations about their work and online threats with friends and family. Their words carry more weight now that the general public is a bit more aware of the risks that lurk online. 22% of IT professionals who responded to the survey said family and friends are more interested in hearing about cyber threats, while 27% believe their organizations are now more attentive to the IT advice they hand out.
It's important for the world to recognize the risks of cyber attacks and the impact that falling victim to one would have. If you're an organization, then there are many trade secrets you're probably hiding, or contract details that are confidential, or other sensitive data that you don't want the world to know. Similarly, if you're a private individual, your data is just as important, but on a different scale: your data equals your cyber secrets. Anything hackers find on your unprotected devices can be used against you, whether that comes from direct access to your various accounts, or from correlating information about you. These cyber secrets are important to keep hidden because, ultimately, they make up what you consider to be your private life. They are things that you would not necessarily say out loud, or things that could alter the way your friends, family and coworkers look at you.
The notion of privacy means something different for all of us, and the word's meaning changes constantly. Maintaining our privacy, whatever that may mean to each of us, is important, which means that we must all take our cybersecurity seriously.