This is often the case with malware –
Yet the attack could the been prevented by basic IT practices, the report says. As early as 2014, the Department of Health and the Cabinet had written to NHS trusts, saying it was essential they had “robust plans” to migrate away from old software. In March and April 2017, NHS Digital issued critical alerts warning organisations to fix the exact bug in their Windows computers that later enabled WannaCry to rapidly spread.
It’s easy to blame the NHS when you see that the organizations were warned about that exact bug, yet didn’t update their software, but how many other organizations would do the same? Yes, I’m looking at many law firms, but lots of other businesses as well. It’s easy to say that updates and patching will cause a disruption and my business simply doesn’t have time for that right now, there are too many more important things to do. But, can you afford the disruption of having your data encrypted by a hacker?
That’s going to be more painful.