As is now well-known, many of the prime targets of the devastating WannaCry and Petya attacks were organizations that had – for various reasons – fallen behind with their software updates, including things like Windows operating system upgrades and critical patching.
If there is any one lesson from WannaCry, it’s the importance of staying current with software updates. The ramifications of not doing so are increasingly severe. IT security is now not just a matter for IT departments – it’s a board-level issue. CEO jobs are at risk when a company suffers from a big breach or cyberattack.
Therefore, you would think that financial services companies, with their heavy investments in IT security and front-end systems, would be scrupulous about basics such as software updates. Back-end computer systems for financial institutions tend to be legacy oriented, meaning their software was likely originally installed 10 or more years ago – many are still running XP, which was the vulnerability point for many WannaCry victims.