When critical systems rely on at-risk software, it is reasonable to expect that software developers like Microsoft, not governments, become more adept at notifying at-risk parties and ensuring systems become properly patched. Long-winded blog posts, emails, and available updates are unfortunately insufficient because many customers do not receive mainstream support or may not even know they are in possession of a vulnerable system.
On April 8, 2014, Microsoft ended its support of the Windows XP operating system on which WannaCrypt relied to propagate, and yet institutions around the globe continue to use it.
The world was quite different three years ago: the Internet of Things was a nascent but growing concept. Today the IoT is a major concern.
If we do not discover greater efficiencies to combat pernicious threats like WannaCrypt, and if we countenance the creation and abandonment of insecure software, we can expect to face a far greater cascade of threats that have the potential to cause significant digital and physical damage. And next time we may not be so lucky.
