WannaCry Event Underscores Need for Risk-Based Defenses


The recent WannaCry ransomware outbreak infected 200,000 endpoints across 150 countries, highlighting the devastating effects of ransomware. While patching systems and preaching to users are prudent actions, those recommendations have proven ineffective. In a new report, the IDC security team offers practical advice on how to take a risk-based approach to risk mitigation for improved protection.

"It should be obvious to anyone preaching patch and security awareness that we have hit the limits of their effectiveness. It's time to find cost-effective, scalable solutions that gain us patch independence and cover the final mile of security," said Pete Lindstrom, vice president, Security Strategies with IDC's IT Executive Programs.

In the new report, IDC analysts assert that to achieve patch independence, organizations must adopt a more realistic and cost-conscious strategy that favors approaches and alternatives more effective than those available today. Organizations must take a risk-based approach to security that involves evaluating the practices and solutions in all identity, vulnerability, threat, and trust management domains.

To support security professionals in this effort, the new report outlines five best practices for an effective security strategy and program that's designed to address modern security concerns. In addition, the report outlines long-term planning strategies; these may include a data discovery and classification exercise to determine the location of critical assets and whether controls are properly deployed and configured to reduce the risk of their leakage to acceptable levels.