<img src="https://certify.alexametrics.com/atrk.gif?account=YiINr1zDGU20kU" style="display:none" height="1" width="1" alt="">

AcctTwo Blog

WannaCry: Yet Another Example of Why SaaS Is the Best Answer to Security Questions

WannaCry Ransomware Attack and SaaS AdoptionWe've written before about ransomware attacks back in February of 2016 and again in April of that year. In those cases, the attacks were relatively small and isolated to individual hospitals or healthcare networks. The recent "WannaCry" attack that began on Friday, May 12, however was massive and was reported to have infected more than 230,000 computers in over 150 countries. The attack was aimed at Windows operating systems, particularly older versions. For the uninitiated, ransomware is a malicious software virus that blocks access to the infected computer or network's data or threatens to publish or delete it until a ransom is paid, often in the untraceable cryptocurrency, Bitcoin.

WannaCry had its largest impact in Russia, India, Taiwan, and Ukraine. But Europe wasn't left untouched by the attack. Nissan's operations in England, as well as the National Health Services network of hospitals in England and Scotland, were hit hard. The attack on the NHS has caused a political uproar over the underfunding of the healthcare network's computer systems and security.

The U.S. fared better than Europe and other countries. This is apparently due to "a combination of luck, geography, and adherence to software updates," according to the USA Today. U.S. companies and end-users tend to run more current software packages and fewer pirated versions of Windows. WannaCry targeted certain data file types in older and unpatched Windows operating systems. Running legacy software that requires older operating systems to run is clearly a weak point here, as is running any enterprise software that relies on Windows to store system or data files. 

We also see the relatively high rate of cloud adoption in the U.S. as a key factor in minimizing WannaCry's impact here, and the aftermath of the cyberattack will probably push more U.S companies to adopt the cloud, especially for ERP. By contrast, cloud adoption in Europe has lagged behind the U.S. for data privacy and regulatory reasons. The back and forth around Safe Harbor and Privacy Shield agreements has made it unclear whether E.U. organizations are safe to store their customer data with U.S. cloud providers whose data centers aren't in Europe.

If your IT guy says 'We want to take our systems into the cloud," ask him 'How much money do you need?'

We attended a recent cybersecurity session at an energy industry finance conference, and cloud adoption was a recurring theme. The presenter, a former DoD security expert, explained that healthcare networks in the U.S. are targets for these attacks precisely for the same reason that Europe and other parts of the world have been targeted: They tend to run outdated legacy systems with insufficient security measures and their infrastructure tends to be out-of-date and vulnerable. Healthcare companies find themselves at a crossroads and we can only hope they'll choose to make the necessary changes. The data they leave unprotected are, after all, our medical records.

That same presenter finished with the quote of the conference: "If your IT guy says 'We want to take our systems into the cloud," ask him 'How much money do you need?'"

Topics: Cloud Computing / SaaS cyber-attack cloud adoption ranswomware