Survey shows CIOs are not concerned by ransomware attacks

Jul 4, 2017 11:53 GMT

WannaCry and Petya ransomware infections have shown for the millionth time how critical it is for systems to be fully up-to-date, but despite the fact that thousands of computers were compromised, CIOs and IT pros don’t seem too concerned about the growing number of attacks.

A survey conducted by ISACA and involving 450 CIOs shows that not everyone is in a rush to install the latest updates released by Microsoft for the Windows operating system, and in some cases, IT pros wait more than a month before deploying the patches.

27 percent of the respondents admitted that ransomware infected systems in their organizations, but 76 percent of them claimed they are prepared for another attack against their networks.

15 percent of the IT pros said no new security measures were implemented following WannaCry and Petya and, even more worrying, 83 percent estimated that a new ransomware attack will happen very soon. And if it indeed happens, then 6 percent of the IT pros are ready to pay the ransom to have their files decrypted.

Updating systems not a priority

The most concerning thing is that fewer than 25 percent of the IT admins deploy patches within the first 24 hours of release, while others wait for more than a month to install them, despite the obvious security risks that expose their computers to attacks.

“Our poll shows that more than one in four organisations typically wait longer than a month to apply the latest software patches,” ISACA CEO Matt Loeb was quoted as saying.

“Given the escalating volume and complexity of threats enterprises are facing, placing greater urgency on rapid, comprehensive patching is a critical component of protecting an organization from the business- and infrastructure-crippling consequences of an attack.”

Systems that were fully up-to-date were secure against both WannaCry and Petya ransomware attacks, and Microsoft released an emergency patch for Windows XP to protect computers running this older OS as well. Stats have shown, however, that outdated Windows 7 systems were the biggest victims of WannaCry.