Not Patching your Agency’s Networks Can Make you WannaCry

While the US government has confirmed that none of its networks were effected by last weekend’s WannaCry ransomware, a recent presidential executive order could help make federal agencies more accountable for their cybersecurity even as it sets unrealistic deadlines.

Over the weekend, WannaCry exploited a Microsoft Windows vulnerability to shut down computers in 150 countries. Microsoft had issued a patch for the vulnerability in March, but far too many organizations didn’t implement the patch.

By Tuesday, officials were reporting that the ransomware may be linked to North Korea.

But President Donald Trump’s recent executive order should help push federal agencies into maintaining these simple updates by holding their leaders directly accountable to the president for their agencies’ digital security. A 2014 Federal Information Technology Acquisition Reform Act (FITARA) also demanded Chief Information Officers (CIOs) be given more authority to oversee and direct IT spending at their agencies.

Trump’s executive order instructs that agency heads:

  1. Modernize their IT systems and implement risk management measures using the National Institute of Standards and Technology’s (NIST) “Framework for Improving Critical Infrastructure CyberSecurity.”
  2. Provide the president with regular reports on better cybersecurity risk management efforts and critical infrastructure. The order highlights the nation’s needs for resilience against automatic distributed threats and prolonged outages associated with cyberattacks.
  3. Submit reports, where relevant, on strategic options to better protect the American people from cyberthreats.
  4. Implement education and training for their agencies. The order also formally calls out the need to train the American cybersecurity workforce.

Experts warn, however, that the order’s unrealistic goal to give each agency only 90 days to provide a legitimate risk management report is unlikely, which can make it difficult for agency directors and Chief Information Security Officers (CISOs) to know where to start.

“This latest attack exploited vulnerabilities in legacy systems that most everyone knew were there. It’s time to stop procrastinating and become more proactive,” said Sword & Shield Federal Vice President Raymond Kahre. “Apply the necessary patches, move your on-premise legacy systems to the cloud and reduce expenses in the process.”

He said that, in addition to contacting Sword & Shield Federal for products to help track and implement patches, the company also provides services like Strategic Security Assessments and Virtual Security and Compliance Consulting to help federal agencies.

“No agency or sub-agency CIO or CISO wants to explain to a congressional committee how an opportunity to reduce their risk landscape was not implemented” Kahre said. “FITARA provides a good mix of executive authority and time pressure to encourage Agency IT leaders to make the right choices to better secure their networks.”

In the meantime, Sword & Shield Security Consultant Rick Cantrell advises to take the following steps to protect yourself from the WannaCry ransomware:

  1. Update all systems using the provided link below
  2. Keep Anti-Virus software up to date and download the latest definitions immediately
  3. Consider the use of an Endpoint Detection and Response (EDR) solution such as Adlumin, Carbon Black, Crowdstrike, Sentinel One, or Cylance
  4. Backup your data to protect your information; save the backups off the network or in the cloud
  5. Scan all email attachments
  6. Educate employees on the malware infection through phishing and not open emails with suspicious attachments
  7. Subscribe to managed security services (MSSP) which provides patch management, vulnerability management, and 24×7 monitoring
  8. Perform penetration testing at least once yearly to determine if you may be susceptible to attack.
  9. Perform routine phishing assessments, at least quarterly to measure the effectiveness of training and mitigations


Comments are closed.