There’s an easy way to defend against attacks like WannaCry: Go mobile – ANITH
post-template-default,single,single-post,postid-9029,single-format-standard,eltd-core-1.1.1,flow child-child-ver-1.0.0,flow-ver-1.3.6,eltd-smooth-scroll,eltd-smooth-page-transitions,ajax,eltd-blog-installed,page-template-blog-standard,eltd-header-standard,eltd-fixed-on-scroll,eltd-default-mobile-header,eltd-sticky-up-mobile-header,eltd-dropdown-default,wpb-js-composer js-comp-ver-5.0.1,vc_responsive

There’s an easy way to defend against attacks like WannaCry: Go mobile

There’s an easy way to defend against attacks like WannaCry: Go mobile

It’s easy to point to the crippling ransomware cyberattack dubbed WannaCry and see it as an example of the ever-worsening state of global cybersecurity.

There’s certainly a case to be made that things are getting worse, not better. When it’s not your dad’s computer, but hospitals and train stations that are hit, it definitely feels worse. But this kind of attack, while a serious escalation of the ransomware problem that typically affects individuals, isn’t so much a hacker problem as it is an infrastructure problem. And that specific problem is slowly going away, thanks to the rise of a mobile, cloud-connected world.

What the attack has really brought to light is that it’s going away too slowly, and that needs to change. And it will, because of simple math.

Whether it was North Korea or a pale-skinned basement dweller doing it for the “lulz,” the implication is clear: An irresponsible, determined hacker can fairly easily bring huge organizations like Germany’s Deutsche Bahn rail service and Russia’s Central Bank to their knees. One of the worst hit was the British National Health Service, where some ER doctors weren’t able to get x-rays and a cardiology clinic couldn’t access patient records to administer vital care.

That’s bad. But it’s important to note that all the affected equipment was almost universally running old, outdated and often unsupported versions of Windows. There are often practical reasons for this — many corporations and government organizations have custom software that only works with older operating systems, for example — but it’s a conscious choice to live in the past. If your MRI machine is running Windows XP, you have to know it’s a target. And if you didn’t, now you do.

(I’m not trying to put the blame on Microsoft — if anything, it’s to be applauded for making a rare exception in its support policy to push out patches for software that’s well past end-of-life.)

But there’s a reason you’re not actually hearing much about individuals suffering from WannaCry. That’s because if you’re updating your computer regularly, your system was patched before the crisis hit. Also, more recent operating systems like Windows 8, 8.1 and 10 were engineered from the start to run securely in today’s security minefield that is the internet (even if you accidentally download malware, Windows 10 “code integrity” will prevent unknown software from executing code).

Moreover, for individuals, most “computing” happens on smartphones. Smartphones are inherently more secure than desktop computers (mostly thanks to built-in sandboxing, where apps are isolated from each other). And since they’re wireless by nature, phones get regular over-the-air security updates, even for old OS versions.

None of this is to say the latest versions of iOS, Android, macOS and Windows are hack-proof. They aren’t. Any computer OS can be hacked, and humans still make dumb decisions (seriously, stop clicking on suspicious emails and clicking on links). But today’s systems are considerably harder to hack than their predecessors. Plus the cloud-connected nature of computing today makes it hard to pull off an effective hack: If all your data is in the cloud, why pay ransomware?

Certainly, none of this is much comfort to the companies and organizations affected by WannaCry. They consciously stayed on old software, got hacked, and are now paying the price. But they should be taking a very hard look at that cost-benefit equation in the wake of this recent hack. It’s not just the ransom itself but the lost productivity and time involved in fixing it and rearranging things.

Sure, it costs a lot to migrate an office full of PCs to new software. No question, buying a whole bunch of new x-ray machines is a tough pill to swallow when the old machines work just fine. For sure, pushing your workforce to a mobile-first mentality will take some expensive training. 

But stack that against the now-clearer dollar value in keeping machines running vulnerable legacy software. Consider that this hack originated from an arsenal of exploits that security organizations worldwide have a habit of stockpiling in secret, just to make sure they don’t get patched. Think about that kid in a basement somewhere, more than willing to cut the thread your world is hanging by, for nothing more than bragging rights.

So tell me: Is it worth it?

Source link

Anith Gopal
No Comments

Post a Comment