Web hack at­tack shows dan­ger of short sighted penny pinch­ing

Fingal Independent - - OPINION -

THE mas­sive cy­ber at­tack the paral­ysed com­pa­nies and state agen­cies across the globe in re­cent days has once again cast the spot­light on web se­cu­rity and just how vul­ner­a­ble many or­gan­i­sa­tions are to hack­ers.

How­ever, while much of the me­dia fo­cus has been on the hack­ers be­hind the at­tack the real is­sue ex­posed by the Wan­naCry ran­somware at­tacks is how woe­fully ill pre­pared many mas­sive cor­po­ra­tions and coun­tries were for the at­tack.

Most vic­tims of the at­tack were ex­posed be­cause in­di­vid­ual per­son­nel were conned by hoax emails which they opened and in so do­ing al­lowed the virus soft­ware onto their or­gan­i­sa­tions’ net­works.

Fri­day’s web cri­sis arose be­cause once the ran­somware virus had man­aged to in­fect a network in many cases nec­es­sary se­cu­rity up­dates to pre­vent such at­tacks had not been in­stalled.

The soft­ware used by the hack­ers is based on a spy pro­gramme de­vel­oped by US in­tel­li­gence agency the NSA the ex­is­tence of which was re­vealed af­ter a mas­sive se­cu­rity leak in April.

This pro­gramme was specif­i­cally de­signed to tar­get weak­nesses in Mi­crosoft’s Win­dows op­er­at­ing sys­tem and in March the global com­puter gi­ant re­leased a soft­ware ‘patch’ to cure the vul­ner­a­bil­ity in its sys­tem.

While this se­cu­rity up­date has been freely avail­able for months many or­gan­i­sa­tions – such as the NHS in the UK – had not in­stalled the up­date and were left vul­ner­a­ble to Fri­day’s enor­mously dis­rup­tive at­tack.

In many cases the vi­tal up­date had not been in­stalled as the af­fected or­gan­i­sa­tions – in a short term money sav­ing ex­er­cise – had cut spend­ing on IT and on com­puter se­cu­rity staff.

As a re­sult a drive for short term sav­ings has left many or­gan­i­sa­tions are now faced with a multi mil­lion Dol­lar bill to fix the gap­ing holes in their com­puter sys­tems. It is the very def­i­ni­tion of a false econ­omy.

In the wake of the at­tack the Ir­ish Gov­ern­ment and our state agen­cies de­serve praise. Bod­ies like the HSE were quick to re­act to the rapidly es­ca­lat­ing sit­u­a­tion and their fast and de­ci­sive ac­tion al­most cer­tainly pre­vented prob­lems on a mas­sive scale across the coun­try.

Many are quick to crit­i­cise Ire­land’s state agen­cies – par­tic­u­larly the HSE – but on this oc­ca­sion they dis­played great pro­fes­sion­al­ism in the face of a ma­jor threat. That should be greatly re­as­sur­ing to the pub­lic.

What will be less re­as­sur­ing is how many other na­tions and in­ter­na­tional com­pa­nies re­acted to the in­ci­dent.

The fact that the at­tack was ‘ac­ci­den­tally’ halted by a self taught 22-year-old com­puter ex­pert from the bed­room of his par­ents’ house should give many Gov­ern­ments cause for thought.

How is it that in a mat­ter of hours this young man was able to find a shut off the source of an at­tack that was baf­fling ex­perts work­ing for the Gov­ern­ments of the world’s most pow­er­ful na­tions.

Clearly some­thing needs to be done to im­prove web se­cu­rity. In­stalling free up­dates would seem a good place to start.

Newspapers in English

Newspapers from Ireland

© PressReader. All rights reserved.