Security company Clearswift has uncovered changes in attitude to cyber security as a result of WannaCry. Organisations are now more concerned that they will suffer a cyber attack in the next few months. It has also raised questions as to how personal data is protected by organisations. At the same time around 25% of respondents say this has put cyber security on the boardroom agenda. It does beg the question of why it wasn’t already there.
According to Dr Guy Bunker, SVP Products at Clearswift: “UK employees are worried about the practices of the custodians of their data, however the gulf between front line security professionals and Board members may at last be bridging, with close to a third (29%) now recognising cyber security has a place at the boardroom table.
“Organisations need to answer the clarion call we are hearing from employees to learn from these events and start to raise their game and update their policies, procedures and technology to mitigate against future attacks as well as preparing for the introduction of new data regulations that are on the horizon.”
Will the legacy of WannaCry be improved cyber security awareness?
From the information uncovered by Clearswift it appears that WannaCry has been a watershed in public awareness. It appears to have finally made people question how their data is protected by companies. This has led to employees wanting more information about cyber security. The impact of this, according to Clearswift is that:
38% of employees are now reading more about cyber security
33% have changed their passwords
24% have enrolled in cyber security course
26% are seeking to get their employers to raise the level of cyber security
These are encouraging numbers although how sustainable they will be in the long run is questionable. Passwords should be changed regularly. What is not clear is if the 335 of users changed just their work password or changed ALL their passwords? Another unanswered question is did they made their passwords stronger? If the same people are questioned again in two months will they say they have continued to change their passwords?
These are all valid questions to establish if this is a knee jerk reaction to WannaCry or a longer lasting impact. It the latter than the aftermath of WannaCry could be that it has done more to improve cyber security than harm it. Of course, those who lost data may disagree but there is always hope.
What does this mean?
The changes in attitude towards cyber security that Clearswift believes it is seeing is good news. The more educated users are the harder it will be for cyber criminals to succeed. However, we have heard similar statements in the past that have come to nothing. Users have to adopt more than just passwords to protect themselves. If the service that they are using doesn’t support multi-factor authentication then they need to consider using an alternative.
Enterprises should already have strong passwords in place. It also needs to add multi-factor authentication to protect both users and the business. The fact that the boardroom has a short memory is shown by the fact that WannaCry has put cyber security on their agenda. In reality it should have been already there not waiting to be added.