WannaCry: a clear reminder of our digital mortality
Josh Knight
Executive experienced in Design and Technology for the Emerging Neodigital World
It's that time of year again. The news outlets are ablaze with stories of chaos and pandemonium, social media is lit up with exaggerative reports and paranoid rants, and every bar and pub around the country is filled with people who have mysteriously become overnight Information Security experts. That's right - a high profile cybersecurity incident has hit the world's computers, and it's reminded us all of our digital mortality.
I want to avoid sounding like I'm trivialising WannaCry: it's one of the (if not the) biggest cybersecurity incidents of all time, and has affected a number of truly critical services around the world. Nothing can downgrade the fact that an attack which targets healthcare providers or emergency services is chilling and obscene; but we can take some useful learnings away from the events of the weekend just gone.
So what can businesses (and we as individuals) learn from the WannaCry Ransomware outbreak over the last weekend, beyond the usual "install all the latest patches"? Let's explore exactly that...
Your Digital life is as fragile as your Real life
I'm reminded of a friend who once explained "Honestly, I think if I permanently died in [his favourite online game], it would upset me more than if I actually died". While they may be the ravings of a mad Finnish guy (you know who you are!), they do ring true to some degree. Our digital lives are becoming as precious as our real lives - our memories stored in digital photographs and videos, our "love letters" relegated to the depths of Facebook messenger history, even our finance and assets becoming increasingly intangible - and yet we seem to spend far less time thinking about the "what if" than we do with our real life.
The average person today would consider it nuts to not have life insurance, home insurance, health insurance, and possibly a couple of other safety nets laying around - yet still a third of people don't even have a lock screen on their phone, let alone strong passwords or biometrics. To put it another way - while most people have a plan and peace of mind if their house is broken into, they give little to no thought to what happens if their digital life is ransacked and left-for-dead.
Have an escape route ready
Okay - maybe fewer of us have this planned and prepared in real life - but being able to change and move on from the past is a critical skill for survival. We all know it's important not to put all your money in one place, or for businesses to have alternative redundant systems in place "just in case" - the same is true for your digital life. When a large scale cybersecurity incident strikes, chances are it will exploit one specific vulnerability in one specific operating system. It's extremely rare you see incidents or exploits which target "pretty much everything" - most of the time, it's one specific group of users.
Why is that important? The more you tie yourself down to one technology, the harder it is to move away if it is ever compromised. The more you rely on just one service or brand, the more likely it is an incident will wipe out everything you have. So, while it's great your photos sync instantly between all your shiny silver devices, keep an eye out for alternatives you can "fall back" onto.
Clouds can't be shattered
Before I go on - I have to make this very clear - I'm not saying being in the cloud is more secure than on-premises. There's no such thing as a perfectly secure system, after all. But being "in the cloud" can be a surprisingly strong way of resisting cybersecurity incidents.
Consider this weekend's ransomware attack. Hard drives spun up around the world crunching numbers so fast it would make your eyes water - encrypting terabytes of data to try and extort a few bitcoin. For many of us, that sends shivers down the spine - "What if that were to happen to me?!" - but for some, we think "Oh, that would be a shame - I'd have to spend an hour or two reinstalling my OS, and resynchronising my files from the cloud". Neither are appealing, but I know which one I'd prefer to take.
While it's easy to understand the common worry of "putting too much of my life online", taking some steps to backing up, synchronising, and protecting your files in a trusted provider's service can be a great way to resisting the effects of some incidents. It won't make you invulnerable, but at times you may well feel it.
We can't all be security experts
Remember when a certain popular footballer broke his foot a few years ago, and overnight people in pubs around the world became instant expert metatarsal-specialist podiatrists? "Oh, in my view, he'll take more than 4 weeks to recover from that - it's a classic sign of..." - well, we can all be just the same when it comes to security.
Coming from a technical background, I wish I had a penny for every time someone said "I don't use AntiVirus, I know how to get rid of them myself", "I don't trust [company] with my data, I back it up like this instead", "Actually, my password is so secure I had to write it down...".
Simply put, the best thing businesses and individuals can do to protect themselves online is to stop pretending they know it all. Listen to the experts, read articles online, and take the time to make small changes like switching to a secure password vault, or disabling that pesky guest WiFi. You'll be happy you did when all your friends and colleagues are crying over the next big ransomware.
Stock up on Digital Survival Tools
So, to cut a long story short - your digital life may not be as fragile, precious, valuable or important as your real life - but day by day it's getting closer and closer. The more you do online, the more you have to consider how to stay safe; beyond the usual "install antivirus" and "keep up to date with patches" - but thinking in a whole new way. This isn't surfing the web any more - this is surviving in an ever-growing jungle.