Feeling Vulnerable? WannaCry?

“Proactive steps can be carried out to reduce vulnerability, aimed at negating negative business impact”

WannaCry ransomware was first reported on Friday the 12th May 2017. It quickly spread to more than 200,000 computers in over 150 countries and was headline news and continues to be topical in many discussions.

Hackers reportedly used classified information stolen from the National Security Agency to develop WannaCry ransomware that exploited a vulnerability in Microsoft Windows. The impact is huge, both economic and social, estimates are still being tabulated, but could run into the billions of dollars.

An important question raised is about the potential disruption of social and economic activities with increasing dependency on IT systems for daily operations. Irrespective whether one’s computer was infected by this ransomware or not, it is imperative to fix the identified vulnerability by applying software patches available from Microsoft. For computers that were infected, the first step was to stop any further spreading by isolating impacted computers, followed by restoration processes for the computers and data affected.

A key word that has emerged and should be highlighted is vulnerability. The attack vector in WannaCry was vulnerability in Microsoft Windows desktop computer software. Software from other providers too could be targeted for attacks if there are inherent vulnerabilities in their software or associated tools.

The question is: “How to minimize or eliminate vulnerabilities to avoid a potential attack and impact on business?”

In the case of WannaCry, the solution would have been to patch Windows software by applying updates from Microsoft before the vulnerability was exploited. Similarly, for any other software, regularly applying patches released by the providers reduces vulnerability.

But what if one had not applied the patch, the focus would be on the recovery process. Because of an increased dependency on technology, it is important to have an effective recovery process in place. Again, in the case of WannaCry, those that did not have recovery plans in place may have been forced to pay the ransom.

To minimise “vulnerability” below are 4 steps proactive steps that should be taken by every regular user of information technology:

-Deploy preventative measures: maintain software and use prevention and detection tools such as up-to-date antivirus software

-Build awareness through education and communication

-Continuity planning – for businesses, there has to be continuity planning against various risks that could impact the business – back-up procedures form a large part of this

-Monitor and check – regularly testing these proactive steps and updating risk registers is key

Depending on the criticality of the use of IT these proactive steps could be carried out in way commensurate with the risk either by internal IT organisations or by outsourced IT service management providers.

The challenge, and an important point for business leaders or business owners, is in determining the level of risk and the proactive measures that can be afforded and secondly, ensuring that those proactive and preventative measures are being undertaken as planned. Making addressing these challenges part of the overall organisation risk management process is a key step to avoiding surprises.

If you wish to find out more about how Accelerate Evolution can assist your organisation in building and managing effective cyber-defense mechanisms, please contact us on: information.technology@accelerateevolution.ae

Adeel Farooqui | Associate (Alumni Network)

Adeel is an accomplished FMCG marketer and brand strategist with over 16 years of experience working with global and regional players, including Procter & Gamble and Marico. He has built and managed billion-dollar brands such as H&S, Pantene, and Tide, and has led growth strategies across developed and emerging markets in the Middle East, North Africa, and South Asia.

His expertise spans end-to-end brand management, go-to-market planning, innovation strategy, and full P&L ownership. Adeel has successfully guided market entries, brand turnarounds, and disruptive positioning initiatives for leading consumer brands. He is known for his ability to blend data-driven insights with strategic creativity to deliver tangible commercial outcomes.

Adeel holds a strong track record in upstream product innovation, design-led brand equity development, and cross-functional collaboration — especially within high-competition categories. He has also contributed to global brand strategy initiatives with a focus on brand architecture and communication frameworks.

While no longer active in day-to-day consulting with Accelerate Evolution, Adeel remains a valued member of our Alumni Network — offering brand-building expertise and marketing leadership grounded in deep regional and category experience.

Jo Metzke | Associate (Alumni Network)

Jo is a supply chain expert with over 20 years of experience across MEA, Eastern Europe, and Asia Pacific, working with global FMCG brands such as Coca-Cola, PepsiCo, GSK, and Mondelez. She has held both operational and strategic roles, specialising in network design, planning, and capability development across emerging markets.

Her expertise includes end-to-end supply chain network design, S&OP implementation, inventory optimisation, and ERP system rollouts such as SAP APO. Jo has led high-impact productivity programs with savings exceeding $20 million through application of best practices and supply chain transformation.

Known for her energy and clarity in execution, Jo brings a strong blend of technical depth and leadership in complex project environments. She is also a passionate marathoner and has completed all six World Marathon Majors.

In 2018, after leading a regional warehousing and logistics transformation project for an Accelerate Evolution client, Jo was retained by the client’s parent organisation to build out their supply chain capability. While no longer active in day-to-day consulting with Accelerate Evolution, she remains a valued member of our Alumni Network — offering deep expertise and continued support to our wider consulting community.