Businesses unprepared for another WannaCry attack, warns research

Organisations remain wide open to cyber attack, warn security specialists Tanium

The majority of businesses do not have the mechanisms and resources in place to be able to fight a cyber security attack on the scale of WannaCry.

This is the main finding of a new study from cyber security firm Tanium, which quizzed more than 500 IT security decision-makers from across the UK

According to the study, around one-third (36 per cent) of respondents admitted that they were alarmed by WannaCry, but this has not translated into change.

Two fifths (40 per cent) even believe that their organisation is more exposed to ransomware attacks than a year ago, although only 31 per cent of them have actually implemented new security solutions.

Overall, the consensus is that critical actions have not been taken, despite claims that cyber security threats are growing almost daily in number and complexity.

Nearly a quarter said they simply do not have the money to implement new security technology and policies

After the WannaCry attack surfaced last year, 62 per cent of British firms responded by reviewing their security systems. Meanwhile, 38 per cent redefined these processes.

However, this has not resulted in long-term action. The real picture is that businesses are struggling with basic cyber security tasks, such as patching, Tanium warned.

Most firms (66 per cent) have not tweaked their patch management processes to deal with the WannaCry attack, and 14 per cent admitted that the need to innovate quickly is also affecting their security practices.

One-in-five said their cyber security practices have not changed at all and are prioritising other areas of their businesses.

It's genuinely concerning that UK organisations claim to have learnt lessons from WannaCry, but are struggling to take actions to stop a similar attack from happening again

And nearly a quarter (23 per cent) said they simply do not have the money to implement new security technology and policies.

Matt Ellard, vice president of EMEA at Tanium, said it is clear that companies are leaving themselves open to attack.

"It's genuinely concerning that UK organisations claim to have learnt lessons from WannaCry, but are struggling to take actions to stop a similar attack from happening again," he said.

"The attack, which grabbed headlines all over the world, should have been a wake-up call for businesses to get their houses in order.

"However, legacy systems and architecture, fear of patching, fragmentation of point solutions, limited budgets and silos that exist within the IT operations and security teams are still leaving UK firms vulnerable to attack."