Lessons We Should Learn From The WannaCry Ransomware Attack
Governments around the world should view the recent cyber attack as a wake up call, but are they?
Lesson 1: Cyber attacks are transitioning from being a nuisance, to being potentially deadly.
If you’ve been following the news at all in the past few years you will have seen the landscape of cyber attacks shift from being an annoyance to average users, to targeted attacks on specific networks such as government or private businesses. Those types of attacks costed large amounts of money and halted useful services however they were unlikely to cause any damage beyond that.
The WannaCry attack shows us this is no longer the case. The scale alone is staggering, with numbers of 300,000+ systems compromised by the malware in 150+ countries. What’s worse is the indiscriminate nature of the attack, major hospitals in Europe and some other areas have reported critical systems going down forcing them to divert or turn away patients. We don’t know the human cost of this attack yet but reports indicate that it will be more than zero.
Looking into the future it’s easy to see these types of attacks becoming deadlier as we continue to integrate computers into more areas of life. Hacking a computer controlled car could easily prove disasterous for the occupants. Ransomware on a pacemaker or dialysis machine may put hackers in a position to directly demand money for a life.
Lesson 2: Governments needs to keep better track of cyber weapons.
The method that WannaCry uses to gain unathorized access to a system was originally developed by the N.S.A. and was released in a dump of classified files by a group calling themselves “The Shadow Brokers”. The U.S. government upon learning this information seemed to collectively shrug and announced that no US governement systems have (as of yet) been infected.
This type of response is indicative of the general attitude toward cyber crime. An attitude that lags much too far behind reality and will soon, if it hasn’t already, put the public in danger. Imagine if the Department of Defense had lost some blueprints for a new highly effective bomb and later had them released on the internet for every armchair terrorist to see. The proper response in both situations is a serious investigation to find out who let this happen, as well as a plan to prevent this from happening again.
Cyber security is a tough nut to crack for governments because politicians, judges, police, and even agency heads don’t understand what the stakes are.
Lesson 3: Operating system updates need to be taken seriously in both the private and public sectors.
About a month ago Microsoft released a security update which protects computers from the exploit WannaCry uses to gain access to the system. Despite a swift reaction from Microsoft, the malware tore through network after network around the globe because organizations didn’t update old systems.
There are plenty of excuses for holding onto an old operating system but no excuse will protect your system when it needs it. Organizations sometimes get themselves into a tough spot, maybe a vendor went under or software support for a critical system ended. A common example with WannaCry is hospitals using Windows XP, which has been unsupported for over three years now. The reason they haven’t upgraded is because the software they use for radiology only runs on XP.
Why have they been stuck with software that hasn’t been updated in more than three years? Because when it came time for them to migrate to a new system, leadership decided the monetary cost was too high. So many companies and governments make decisions like these, to save money by taking on future risk. WannaCry is what happens when you take that risk.
Lesson 4: We all must take ownership of personal digital security.
You are undoubtedly reading this from some kind of computer, how up to date is the operating system? Do you know what version you are running and what versions are available? Personal digital security is just a matter of staying proactive and knowledgeable about the devices you use on a daily basis.
Check for updates right now. It could mean the difference between everything continuing normally and being locked out by WannaCry 2.0 when that inevitably hits.