Hopefully, the WannaCry ransomware attack did not affect your operations. If it did, you are probably a Windows user who does not patch your systems that often. Again, the Macs and the Linuxes of the world were spared.
The worm took advantage of vulnerabilities in older versions of the Windows operating system that allowed the infection to spread. All you needed to do was click on a malicious link and it was too late—that is, if you hadn’t installed the patches and updates.
Now that most of the scares are over and the files held hostage have been recovered, it’s time to so some self-evaluation. What went wrong, and how can it be avoided in the future? What’s interesting is that enterprises are not very often proactive when it comes to patches and fixes for operating systems.
If we can’t count on the humans to be more proactive, perhaps it’s time that we focus on the automation of these updates behind the scenes. How about taking it a step further and augmenting the updates with continuous security testing, as well as continuous improvement and advanced configuration management?
WannaCry should serve as a wake-up call for moving to DevOps and the cloud. Here's why.
Automation makes you more proactive
Core to the issue of this ransomware attack, and other recent attacks for that matter, is the fact that it was avoidable if users had been more proactive. That means applying updates, when available.
That’s not going to happen for most PCs that are owned by nontechnical types who find the updates to be annoying time wasters. Or worse, they think of the updates as attacks themselves, and thus avoid them.
Kaspersky Lab said that 98% of the computers affected by the ransomware were running some version of Windows 7. Less than one in a thousand were running Windows XP. Also hit hard were 2008 R2 Server clients. If you’re doing the math, that makes up just over 1% of infections.
By pushing the updates as part of an ongoing process where automation takes over, so that the platforms, including the Windows PC, are up to date and correctly configured, you would remove all of the vulnerabilities, and the data on those computers would be safe.
There’s also the fact that data on laptops is many times more vulnerable than data that exists in systems on premises. However, the safest place for data these days seems to be on public clouds. Yes, you heard that right.
The reasons are boring. It’s not super-advanced security technology. Public cloud providers are much more proactive with patches and fixes to native cloud systems and platforms that they provide as a service. Security vulnerabilities, such as those exploited by the WannaCry attack, are non-existent.
Moreover, the integration of DevOps best practices, processes, and tools makes a difference as well, both in cloud-based and traditional systems. This extends the proactive nature of the public cloud to on-premises systems, including PCs and mobile devices. Users get the best and latest software expeditiously and continuously delivered to their computers and devices, as well as the latest patches and fixes to eliminate vulnerabilities.
Taking proactive to the next level with DevOps
To be secure, you need to be both proactive and agile. While we would normally ask that people take on this role, automation is really the key here. Remove the humans from the processes and eliminate the risk of platforms not being updated, and attacks become unsuccessful.
DevOps is the natural focus of how to become more proactive and agile, so the concept of DevOps goes well beyond security. The idea of DevOps is to automate the development and configuration of software, including testing, integration, and deployment. The side benefit of DevOps is that OS updates are part of the process, and users who are at the end of a DevOps chain can count on having the latest versions of software, as well as the up-to-date patches and fixes, whether in the cloud or on premises.
Security may become a primary driver for some organizations. “DevOps is actually a boon for security folks, who can, with the right automation and operational tools, inject security earlier into the development process, and increase the security of the code that ultimately reaches production,” wrote James D. Brown, chief experience officer at JumpCloud, in an article for Wired.
While it’s clear that the use of cloud computing, DevOps processes, and DevOps technology seems to provide the greatest security, enterprises have still not adopted DevOps in large numbers. Moreover, they are not proactive when it comes to patches and fixes that will combat attacks such as the WannaCry worm.
Counting the cost of attacks
Many enterprises are just absorbing the attacks as the cost of doing business. However, users not having access to their files is one thing, while exposure of corporate data could cost the company billions in lost revenue, value, and public confidence. The cost of breaches could lead to the death of some companies. It’s confusing why they would not want insurance, meaning the use of cloud and DevOps, to prevent that from occurring.
The WannaCry attack is the new world order for enterprises. To prevent the majority of these breaches, just be proactive when it comes to system and software updates.
DevOps is not a magic bullet. It will also take a great deal of money and effort to put it in place. Most enterprises are moving to the cloud at the same time, and DevOps and cloud seem to go together, providing the best defense for the ongoing attacks. You can no longer avoid these technologies.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.
