Why The Global Ransomware Attack Is A Wake-Up Call For Us All

An uneasy Monday morning awaits IT departments across the globe as the ransomware known as WannaCry continues to spread and cause havoc. Techies everywhere will be heard saying I told you so as businesses prepare to pay a very big price for not keeping their systems updated.

Over 200,000 cases in 150 countries have so far been affected in an unprecedented ransomware attack. Hospitals, schools, organizations and even governments all faced a ransom demand of $300 in Bitcoin or lose access all the files that people take for granted will be there on Monday morning.

Traditionally, so-called cyber-criminals have used every human emotion to tempt users into clicking on a link or download an attachment in an email. Once the seemingly harmless click has been completed, the perpetrator can threaten to encrypt all of your files or destroy your reputation unless a ransom is paid. 

However, the failure to update operating systems or apply ransomware stopping security patches is another vulnerability that should not be ignored. Although some will find it hard to believe, there are still businesses out there still running on the Windows XP operating system. I recently saw the famous logo on an airport PC which is alarming considering it has been out of support since April 8, 2014. 

Any attack that spreads by sniffing out any computer or server that isn't patched or protected by anti-virus will be a frightening prospect for any business running on legacy technology. Recent events should make the ROI for retiring those old Windows 2003 servers or XP operating systems much easier to present to the boardroom.

The big takeaway from this global cyber attack is that businesses of all sizes need a strategy to keep their entire estate safe. The belts and braces approach of taking regular backups or ensuring that their entire infrastructure is up-to-date with the latest patches had become a forgotten unsexy side of IT in a world ruled by shiny new tech and SaaS solutions.

Ironically, the evening before news of the attack broke in the media, I spoke with Chief Security Officer, Dale Drew from Level 3 about the vulnerability of healthcare security on my podcast. In the conversation, Drew revealed how recent findings suggested that victims are paying and nearly half of consumers haven’t even heard of ransomware.

As for home users, the next time you think about selecting 'remind me tomorrow' on a security update, maybe you should think twice before clicking ignore. A combination of ensuring windows is regularly updated with the latest security patches, and good old fashioned common sense is often the best defence.

With the rise of IoT, we now have more online devices at our disposal than ever before, and this list will only continue to grow. In many cases, some homes have more connected devices than a small business ten years ago. In the absence of an IT department, our shiny gadgets also require an element of responsibility and awareness.

There is also an argument that we are sitting on an IoT timebomb. We are yet to find out what will happen when companies choose to stop patching their products 3-5 years down the line. Equally, when purchasing a new smart TV, refrigerator or toaster, I suspect that few will be thinking about the software lifecycle when considering their purchase of the latest must-have gadget.

How many times have you switched on your tablet, laptop or smartphone and frustratingly hit skip on the annoying software update notification? I recently noticed that a friend's phone had an old operating system on their phone and complained about always being nagged to download the update.

Herein lies the biggest challenge around cyber security. Most people do not care about cyber security until they are the victim of a crime. Nobody wants to wait around for an update to download and will happily throw caution to the wind when it comes to online safety.

The same streetwise instincts that keep us safe from harm in any big city are now needed online too. The WannaCry ransomware attack is a very harsh lesson and timely reminder around the importance of ensuring all of our devices are regularly updated. As a result, maybe leaders will also finally agree to retire those bespoke developed software applications that are preventing businesses from making the leap from old unsupported operating systems such as Windows XP.

Behind the sensationalist headlines of cyber-apocalypse is the inconvenient truth that on this occasion much of the disruption could have been avoided. How the attack affected the NHS in the UK highlights the dangers of having critical infrastructure running on legacy technology.

Let me know your thoughts, experiences, and insights about this latest ransomware attack by commenting below.

================================

Thanks for reading. You can find my previous LinkedIn articles here that led to me being named one of LinkedIn's "Top Voices on Technology." You can also connect with me on Twitter at @neilchughes.