Anyone who works in Information Security will tell you there are 2 golden rules to make your risk of being a victim of cybercrime as small as possible.
- Take backups regularly
- Keep your operating system and software up to date
Even with IT professionals preaching this all the time, there are still people who willingly never update their systems. Even worse, there are people who intentionally disable automatic updates and attempt to justify it. I compare these people to anti-vaxxers and call them anti-updaters.
Anti-updaters are users who claim that automatic updates are hampering their ability to do work, and their numbers are growing. I get it: OS update tools like Windows Update are annoying, they’re intrusive, they always seem to pop up at the worst times, and they feel like they take forever. Even with all of that, there is no good justification for leaving your computer systems open to risk. A majority of the updates are security patches for known vulnerabilities. Without those updates, you’re leaving gaping holes in your network, open for anyone who is looking for them.
In March 2017, Microsoft released a security patch called MS17-010. It specifically addresses the SMB vulnerabilities that the Shadow Brokers stole from the NSA in 2016. If everyone had their automatic updates enabled, WannaCry might have had a much smaller attack footprint.