Ross Brewer, vice-president and managing director of international markets at LogRhythm, said both WannaCry and the latest attack showed "the lack of accountability and focus on basic IT and security fundamentals".
"Core IT operational competencies, such as patch management, back-ups, disaster recovery, and incident response are not well implemented or maintained," he said.
"These are absolutely essential in protecting your company from damaging cyber threats and without them you are left in a perpetually vulnerable state, a sitting duck for these types of attacks, merely hoping that you aren’t compromised. The only actions you take are responsive, only after some other unlucky company was compromised."
"But I think we can agree that recent events are starting to show that the warnings were warranted," he said. "These attacks, which are targeting our top businesses, banks, healthcare institutions and other critical national infrastructure, are revealing the chaos that ensues when organisations lose control of their data – when are we going to do something about it?"
Tenable technical director Gavin Millard also took aim at business IT teams, saying: "If this attack turns out to be leveraging the same vulnerabilities WannaCry leveraged to spread, or other known bugs that have had patches available for months, there are going to be some awkward conversations between IT teams that failed to patch or protect and businesses affected.
"The publicity around WannaCry couldn't have been larger, probably eclipsing Heartbleed, yet if this is the same attack vector, it demonstrates a distinct lack of taking threats like this seriously."
Yaacov Ben Naim, senior director of cyber research at Cyber Ark, said it had been noticed that the latest ransomware appeared to be sparing endpoints that used a US English-only keyboard, pointing out that this "seemingly self-imposed restriction has been seen in nation state attacks".
Malwarebytes ANZ regional director Jim Cook warned that this outbreak would not be the last. "If Shadow Brokers keeps its promise to continue releasing NSA exploits, it seems that this sort of mass infection will become common – so now is the time to ensure you have a decent back-up system, patch process and a current end point security solution in place."
Forcepoint chief executive Matt Moynahan said an important takeaway was "the undeniable trend in the increasing ease by which attackers can penetrate the perimeter and get inside of corporate infrastructure".
"Perhaps even more important to consider is the motivation behind the attack and the harm intended on the target. In this case it was to hold companies ransom for US$300; it could have been much worse. To address these new and evolving threats, we need to understand the intent and motivations behind them."
He said that if there was no investment in the cyber security of critical infrastructure "we will continue to see massive attacks with economic, employee and public safety ramifications. From the government to the boardroom, leaders need to make cyber resiliency a requirement, putting focus and funding behind it".
"While the perception may be that if we criminalise cyber attacks we will inhibit innovation, the reality is that if we do not treat cyber crime more seriously, attacks like WannaCry and Petya will start to feel even more commonplace than they already do."
The Shadow Brokers, which dumped a number of NSA exploits, among them EternalBlue which was used in the WannaCry attack, has said that any future exploits would only be available for sale on a subscription model.