Only half of CIOs updated security after WannaCry: report

By on
Only half of CIOs updated security after WannaCry: report

Research among CIOs and IT leaders has found that only half have implemented new security safeguards following the WannaCry ransomware attack, and only 15 percent plan changes in response to Petya.

This is despite 27 percent admitting their organisations have suffered ransomware attacks, according to IT governance non-profit ISACA's survey of 450 CIOs.

The vast majority (76 percent) said that their organisations were either highly or somewhat prepared to deal with the increased frequency on ransomware style attacks against their networks. However, only 50 percent of organisations have carried out staff training programmes to help them deal with the threat.

The research also found that less than a quarter of organisations are applying the latest security software patches within the first 24 hours of release. In some cases it can take over a month before the software is updated.

What is particularly concerning is that almost 15 percent of respondents said that their organisations won't take any further precautions following the Petya attack earlier this month, despite the fact that the vast majority (83 percent) expect further ransomware attacks in the future. Only 6 percent said they would pay the ransom.

"Our poll shows that more than one in four organisations typically wait longer than a month to apply the latest software patches," said ISACA CEO Matt Loeb.

"Given the escalating volume and complexity of threats enterprises are facing, placing greater urgency on rapid, comprehensive patching is a critical component of protecting an organisation from the business- and infrastructure-crippling consequences of an attack."

The WannaCry attack in May affected over 300,000 computer systems globally, and while the ransom was fairly modest at $300, it highlighted a widespread vulnerability to this style of attack that would be exploited again by Petya the following month.

However, following analysis of the Petya malware, experts now believe that its main purpose was to destroy data, rather than generate cash.

 

This article originally appeared at itpro.co.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © ITPro, Dennis Publishing
Tags:
cyber security isaca organisations petya ransomware security software patches wannacry ransomware attack

Partner Content

Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra

Sponsored Whitepapers

Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
2025 State of Machine Identity Security Report

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security
MSPs pressed to review ransomware response as new reporting rules commence

MSPs pressed to review ransomware response as new reporting rules commence
Tech Research Asia to present Australian IT M&A report

Tech Research Asia to present Australian IT M&A report

Log in

Email:
Password:
  |  Forgot your password?