3 WannaCry Talking Points to Win Security Buy-In

3 WannaCry Talking Points to Win Security Buy-In

By Ed Moyle

Jun 21, 2017 2:40 PM PT


By this point, most technology practitioners — and nearly all security practitioners — know about WannaCry. In fact, you might be sick of people analyzing it, rehashing it, sharing “lessons learned” about it, and otherwise laying out suggestions — in some cases, contradictory — about what you might do differently in the future. To the security practitioner, the level of unsolicited advice (frankly ) borders on the annoying.

That said, there is one avenue that seems to be underexplored: namely, the opportunity for frank and productive discussions with executives about security goals using WannaCry as an illustrative case study.

WannaCry was serious enough — and impactful enough — to create a lasting impression on many organizational senior leaders. To the astute technology or security practitioner, that represents an opportunity not available under normative circumstances: to forward critical items on the security agenda and potentially realize outcomes that are harder to sell without a concrete example to highlight.

With that in mind, below are a few “talking points” — conversations that can be initiated with senior management — along with the underlying issues and potential positive outcomes to address key problems that many organizations have. These are suggestions. Practitioners should adapt these talking points to their own environment, of course, or improvise based on their own particular needs.

Add a Comment

Your email address will not be published. Required fields are marked *