WannaCry Event Underscores Need for Risk-Based Defenses, Say IDC Security Experts



The recent WannaCry worm/ransomware outbreak infected approximately 200,000 endpoints across 150 countries, highlighting the devastating and inevitable effects of ransomware. While patching systems and preaching to users are prudent actions, those recommendations have proven ineffective over time. In a new International Data Corporation (IDC) report published this week, Pursue Patch Independence: Latest WannaCry Event Prompts Need for Risk-Based Defenses (IDC #US42570717), the IDC security team offers practical advice on how to take a risk-based approach to risk mitigation for improved protection.

ClicktoTweet: #WannaCry event underscores need for risk-based defenses. Learn more from IDC’s #security experts: bit.ly/2qfWyCm #CyberSecurity

“It should be obvious to anyone preaching patch and security awareness that we have hit the limits of their effectiveness. It’s time to find cost-effective, scalable solutions that gain us patch independence and cover the final mile of security,” said Pete Lindstrom, vice president, Security Strategies with IDC’s IT Executive Programs.

In the new report, IDC analysts assert that to achieve patch independence, organizations must take a more realistic and cost-conscious strategy that favors more effective approaches and alternatives than available today. Organizations must take a risk-based approach to security that involves evaluating the practices and solutions in all identity, vulnerability, threat, and trust management domains.

To support security professionals in this effort, the new report outlines five best practices for an effective security strategy and program that’s designed to address modern security concerns. In addition, the report outlines long-term planning strategies; these may include a data discovery and classification exercise to determine the location of critical assets and whether controls are properly deployed and configured to reduce the risk of their leakage to acceptable levels.

Related security research from IDC includes:

IDC PlanScape: General Data Protection Regulation Compliance for Marketers (IDC #US42473617)
IDC PlanScape: Data Security Principles and Practices for Digital Transformation (IDC #US42067416)
What to Count: Key Risk Indicators for Digital Security (IDC #US42067316)
Security Survey Analysis: Growing Interest in Data Security, Endpoint Security, and Network Security Products (IDC #US41694116)

For additional information about this new report or to arrange a one-on-one briefing with Pete Lindstrom, please contact Sarah Murray at 781-378-2674 or sarah@attunecommunications.com. Reports are available to qualified members of the media. For information on purchasing reports, contact insights@idc.com; reporters should email sarah@attunecommunications.com.


About IDC
International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,100 analysts worldwide, IDC offers global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries. IDC’s analysis and insight helps IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. Founded in 1964, IDC is a wholly-owned subsidiary of IDG, the world’s leading technology media, data, and marketing services company. To learn more about IDC, please visit www.idc.com. Follow IDC on Twitter at @IDC.

Contact Information

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google