The WannaCry attack may have laid waste to vast tracts of the NHS as well as other organisations and individuals, but it appears to have also focused attention on cyber-security in a way that hasn't been seen before.
That's according to a survey conducted by technology research firm Vanson Bourne on behalf of Clearswift in which 600 business decision makers and 1,200 employees were asked about WannaCry. This included personnel in the UK, US, Germany and Australia.
WannaCry – a strain of ransomware that was spread by EternalBlue – struck in May and quickly racked up damage in the NHS and other organisations in 150 countries around the world.
Notable in a world where the public doesn't avidly follow the cyber-security news feeds, more than three-quarters (77 percent) of those surveyed in the four countries had heard of WannaCry, while in the UK it was a full 11 points higher (88 percent), possibly due to the NHS connection.
In the UK, 58 percent of firms expect another attack within a few months. Some 29 percent of businesses told the researchers they will add cyber-security to the board of directors' agenda, with a further 29 percent pledging to upgrade their cyber-security.
The research found that staff were increasingly concerned about the security of their employers' data and were taking steps to improve their security practices: 38 percent are reading more about security, 33 percent have changed their passwords, 24 percent have enrolled in courses and 26 percent were taking unspecified steps to help their companies improve their cyber-security.
However, in the public sector, attitudes toward security seemed laxer than in the private sector, the research said.
Despite the NHS hitting the headlines over WannaCry, UK staff fared poorly in the international comparison stakes as they were less likely than their peers in the US, Germany and Australia to change their passwords, read more about cyber-security or ask for advice.
The country with the most proactive staff was the US (49 percent) followed by Australia (43 percent), Germany (37 percent) and the UK (35 percent).
Among the young (aged 18-24), the likelihood of responding to knowledge proactively, by reading about cyber-security (55 percent of those who had heard of WannaCry) or enrolling in a cyber-security course (29 percent), was much higher.
Dr. Guy Bunker, senior vice president of products at Clearswift, said: “UK employees are worried about the practices of the custodians of their data, however the gulf between frontline security professionals and board members may at last be bridging, with close to a third (29 percent) now recognising cyber-security has a place at the boardroom table.”
He added, “An educated workforce that is well briefed on policies and procedures will go some way in limiting the effects of a breach, however boards need to take a proactive stance on this. Having the latest security technology enables organisations to stop attacks at the boundary, before they enter a network, by removing the source of an attack from documents and attachments shared into an organisation.”
