Recently almost everyone in the urban population heard or read about a new term: Ransomware! There were news articles, non-stop TV coverage and a lot of hot air on the subject for a few days. We even saw bank ATMs remain closed for some time.
The golden question is: why was the ransomware so effective, and what can be done to prevent or fight such incidents in future?
Most of the discussion has been only about cyber security, antivirus, firewalls and so on, but if we delve just a bit deeper we find that the response of many corporations was tangled in internal bureaucracy. Top bosses shot emails to their next in line, and the instruction percolated gradually down to the lowest-level IT personnel. In the majority of cases it was an ad-hoc manual response, in which hundreds or even thousands of servers were patched by hand by engaging every available person for 1-2 days.
In practice it is very much possible to avoid such a situation. A proper implementation of ITSM (IT Service Management), with an orchestration layer integrating it with server-side automation, would have drastically improved the response.
Instead of so many people sending mails and personally tracking the progress of security patching, all it would take is raising a few service requests in ITSM, which would flow through the orchestrator to the server-side automation. The automation component can pick up the necessary security patch installer from the software repository and apply it to thousands of servers without further manual intervention, with the progress and failures of each server reported back against the originating request rather than chased by hand.
A very large number of bank ATMs were running very old, unsupported software such as Windows XP. Microsoft still released security patches even for these. Yet the impact was huge, because higher management did not even have precise data on how many such vulnerable ATMs existed, what their current patch level was, or how to apply the new patches to them remotely rather than physically sending people in a van to thousands of ATMs (some of them in difficult-to-access areas as well).
No wonder a very large number of systems remained vulnerable to the ransomware, and people understood the problem only after it had already affected them.
If a proper discovery mechanism had been in place to keep the CMDB (Configuration Management Database) updated with the current software and hardware configuration of every machine, and if triggers had been in place so that a failed software compliance check automatically raised alerts to management, then the majority of the estate would always have been on the latest security patches, making it much harder to compromise.
Unfortunately, even now there seems to be a reluctance in corporate culture to recognize how critical IT is to any business and to budget sufficiently for it. The result is that many such organizations lack a proper ITSM, discovery and server automation suite, and that is nothing but sheer bureaucracy. Merely purchasing such software does not magically solve the situation. The implementation needs to be done properly, and enhancements to suit a given organization have to be brought in from time to time through configuration and customization in a controlled and disciplined manner. This will certainly reduce the chances of such occurrences and also drastically improve the response to them.
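To make the two mechanisms concrete (the service requests flowing from ITSM into server-side automation described earlier, and the discovery-driven compliance check with management alerts described in this paragraph), here is an added example in Python. It is not code from this article or from any ITSM or CMDB product; the CMDB snapshot, the hostnames, the OS names, the `HYPO-*` patch identifiers, the timestamps and the one-week staleness limit are all constructed assumptions for illustration.

```python
"""Patch-compliance check over a CMDB snapshot, feeding batched remediation
requests. Added example, not code from the original article; every hostname,
OS name, patch identifier and timestamp below is constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Discovery records older than this are treated as "unknown", never as compliant:
# a host nobody has seen for a week cannot be assumed to be patched.
MAX_DISCOVERY_AGE = timedelta(days=7)

# Constructed time of the compliance run.
SNAPSHOT_TIME = datetime(2017, 5, 14, 12, 0, 0)

# Hypothetical policy: patches that must be present per OS. "supported" records
# whether the vendor still ships routine updates; an out-of-support OS is flagged
# even when the required patch is present, so it shows up for replacement.
REQUIRED_PATCHES = {
    "Windows XP": {"patches": {"HYPO-XP-001"}, "supported": False},
    "Windows 7":  {"patches": {"HYPO-W7-001", "HYPO-W7-002"}, "supported": True},
}

# Constructed CMDB snapshot, as a discovery run would leave it.
INVENTORY = [
    {"host": "atm-0001", "os": "Windows XP", "patches": {"HYPO-XP-001"},
     "last_seen": "2017-05-14T08:00:00"},
    {"host": "atm-0002", "os": "Windows XP", "patches": set(),
     "last_seen": "2017-05-14T08:05:00"},
    {"host": "atm-0003", "os": "Windows XP", "patches": set(),
     "last_seen": "2017-03-01T09:00:00"},          # not seen for weeks
    {"host": "srv-0001", "os": "Windows 7", "patches": {"HYPO-W7-001"},
     "last_seen": "2017-05-14T07:50:00"},
    {"host": "srv-0002", "os": "Windows 7",
     "patches": {"HYPO-W7-001", "HYPO-W7-002"}, "last_seen": "2017-05-14T07:55:00"},
    {"host": "kiosk-0001", "os": "EmbeddedOS 9", "patches": set(),
     "last_seen": "2017-05-14T07:40:00"},          # no policy for this OS
]


def assess(inventory, now, policy=REQUIRED_PATCHES, max_age=MAX_DISCOVERY_AGE):
    """Classify every record. Only a fresh record that satisfies its OS policy
    counts as compliant; stale and unknown-OS hosts are reported separately so
    they are never silently counted as safe."""
    report = {"compliant": [], "missing": {}, "stale": [],
              "unknown_os": [], "unsupported": []}
    for rec in inventory:
        if now - datetime.fromisoformat(rec["last_seen"]) > max_age:
            report["stale"].append(rec["host"])
            continue
        rule = policy.get(rec["os"])
        if rule is None:
            report["unknown_os"].append(rec["host"])
            continue
        if not rule["supported"]:
            report["unsupported"].append(rec["host"])
        missing = rule["patches"] - rec["patches"]
        if missing:
            report["missing"][rec["host"]] = missing
        else:
            report["compliant"].append(rec["host"])
    return report


def build_requests(report, inventory, batch_size=500):
    """Turn the missing-patch map into ITSM-style service requests: one per
    (OS, patch set), split into batches so a bad patch cannot reach the whole
    estate in one go."""
    os_of = {r["host"]: r["os"] for r in inventory}
    groups = defaultdict(list)
    for host, missing in sorted(report["missing"].items()):
        groups[(os_of[host], tuple(sorted(missing)))].append(host)
    requests = []
    for (os_name, patches), hosts in sorted(groups.items()):
        for i in range(0, len(hosts), batch_size):
            requests.append({"os": os_name, "patches": list(patches),
                             "hosts": hosts[i:i + batch_size]})
    return requests


def management_alerts(report):
    """Alert lines for the triggers the text describes: anything that is not
    provably compliant is surfaced, not just hosts missing a patch."""
    alerts = []
    if report["missing"]:
        alerts.append(f"{len(report['missing'])} host(s) missing required patches")
    if report["stale"]:
        alerts.append(f"{len(report['stale'])} host(s) not discovered within the last week")
    if report["unknown_os"]:
        alerts.append(f"{len(report['unknown_os'])} host(s) running an OS with no patch policy")
    if report["unsupported"]:
        alerts.append(f"{len(report['unsupported'])} host(s) on an unsupported OS")
    return alerts


if __name__ == "__main__":
    rep = assess(INVENTORY, SNAPSHOT_TIME)
    for line in management_alerts(rep):
        print("ALERT:", line)
    for req in build_requests(rep, INVENTORY):
        print("SERVICE REQUEST:", req)
```

The design points worth taking from it: a host that has not reported to discovery recently is listed as stale rather than assumed patched, a host on an OS with no policy is listed rather than ignored, an unsupported OS is surfaced even when its emergency patch is installed, and remediation is issued in batches so that a broken patch does not hit every machine at once. In a real deployment the snapshot would come from the CMDB and the generated requests would be submitted to the ITSM tool and picked up by the orchestrator.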
No point in being penny-wise and pound-foolish!