Follow Security Hygiene to avoid being a cyberattack victim
Photo Credit: Wired
Follow Following Unfollow Kunal Sharma
Sign in to follow this author
As the UK NHS, and thousands of other organisations around the globe reeled under the onslaught of the massive ransomware attack last Friday, we were all reminded of the importance of security basics. The attack was just a sneak preview of the risks facing all of us in an increasingly digitised world. Dubbed as “the largest ransomware attack observed in history”, with more than 200,000 victims in 150 countries, the attack drew major attention, because NHS was a key target and so it put human lives at risk. The attack meant routine health procedures being cancelled, emergency cases diverted, operations delayed and healthcare IT systems disrupted. Apart from NHS, US delivery giant FedEx, European car factories, Spanish telecoms giant Telefonica, Russian interior ministry, Germany’s Deutsche Bahn rail network, and more than 30000 organizations in China were among those hit.
While there is loads of material available on the internet explaining the origins of the attack and advice in terms of do’s and dont’s — like the excellent advice published by NCSC UK , we would like to use the opportunity to reiterate the most important tenet of computer security: Ensuring basic hygiene is the key to security. This means patching systems and devices, maintaining data backups, encrypting data at rest & in motion, implementing two factor authentication and training employees about basic security.
Just a quick review of the cyberattacks from the last few years puts this into perspective pretty clearly. More than 60% of the attacks utilised weak or stolen credentials. Again a similar percentage of major attacks used phishing or spear-phishing as the starting attack vector. This is primarily because a weak authentication system is easiest to break in a day and age where billions of our credentials can be bought from the dark web for a few bitcoins. The Wannacry attack also appears to have originated from spear-phishing emails, targeted at people within organizations, with the malware hidden in attachments that when opened, triggered the attack on the internal network. The attack also highlights the importance of patching- the victims were those who were running outdated operating systems or had forgotten to patch their systems with the available Windows updates. Had the unsupported Windows versions been patched, the scale of the WannaCry infection could have been significantly reduced.
We believe the Wannacry ransomware attack should act as the wake-up call for governments and citizens around the world. We must realize the risks- of cyber attacks, privacy intrusions and data thefts- that all of us are exposed to in an ‘always connected’ world. Moreover, as Internet of Things (IoT) moves from being a buzzword into our homes the pervasive connectivity of IoT devices magnifies our security risks.
As a first step we must acknowledge the security risks facing us and begin by following security basics: patching systems and devices, encrypting data, maintaining data backups and using 2FA on all our online accounts.
Looking for more of the latest headlines on LinkedIn?
Originally published at https://www.linkedin.com on May 17, 2017.