This past week thousands of companies and individuals in Europe, Asia, Russia and elsewhere were hit with a computer virus which encrypted data files such that systems came to a halt. The only thing showing on screens was a message demanding a ransom be paid via bitcoin currency within a short timeframe in order to unlock the data or the user risked loss of data forever. Hospitals were the most notable taking hits though it inflected many different types of companies and consumers. The reason perhaps for the Hospitals getting hit so hard – they are as much as 20 years behind the current technology curve as they use aged systems/data security measures as well as long outdated OS software versions such as Windows XP, Vista and even 2003 .
The principal reasons for the ease and speed with which this attack spread can readily be traced to several factors:
- The actual code which allowed a wormhole of destruction to be disseminated was developed by our own National Security Agency and it was stolen from their systems – makes you feel safe does it not !
- Far too many companies consider data security as an annoying add-on facility for their systems. It is not deemed as a fundamental necessity by some. Security is not about merely building a digital wall around systems then walking away thinking I am now fully protected. Security is about 24X7 diligence, multiple layers of redundancy plus the addition of monitoring systems testing not just the security layers, but the ongoing activity within the system. The assumption that no entity will scale the walls – pretty sad. Constant vigilance on who and what is going on in all systems and searching for questionable activity is mandatory.
- Companies and individuals continue to use OS systems which are no longer supported by their vendor of choice. Hacking in all its forms is a constantly evolving ‘art form’ for those in that fraternity of crime. Sad that firms and individuals have always known that their systems were vulnerable, but they ignored the facts and prompts from vendors to upgrade and or load patches. Why ? Lazy – incompetency of tech management, unwilling to pay the cost of moving to the latest software and in many cases IMO – the software they are running on is unlicensed.
- Finally, we have the seemingly unavoidable flaw in far too many humans who use computer systems. Despite knowing about phishing scams as well as dubious attachments arriving in emails – they open the mails and click on an attachment only to find out that they have launched a virus within their systems.
- The answer for companies – hire CIO/CTO types who have solid backgrounds in the technologies employed at the company. Sounds simple, but far too many CIOs are appointed even if they have never worked in a tech environment and therefore do not have a clue what to ask of their staffs – especially on issues such as security.
- Companies and individual consumers should stay current with an OS which is either the current or previous major release still being supported by the vendor. Keeping that software current with the periodic software updates is not something to put off except in the very rare situation.
- Having the proper security packages at the company as well as on consumer devices is a necessity.
- Simply put – ignore the obvious and you risk major damage or loss of data and access to one’s systems.