Web hack attack shows danger of short sighted penny pinching
THE massive cyber attack the paralysed companies and state agencies across the globe in recent days has once again cast the spotlight on web security and just how vulnerable many organisations are to hackers.
However, while much of the media focus has been on the hackers behind the attack the real issue exposed by the WannaCry ransomware attacks is how woefully ill prepared many massive corporations and countries were for the attack.
Most victims of the attack were exposed because individual personnel were conned by hoax emails which they opened and in so doing allowed the virus software onto their organisations’ networks.
Friday’s web crisis arose because once the ransomware virus had managed to infect a network in many cases necessary security updates to prevent such attacks had not been installed.
The software used by the hackers is based on a spy programme developed by US intelligence agency the NSA the existence of which was revealed after a massive security leak in April.
This programme was specifically designed to target weaknesses in Microsoft’s Windows operating system and in March the global computer giant released a software ‘patch’ to cure the vulnerability in its system.
While this security update has been freely available for months many organisations – such as the NHS in the UK – had not installed the update and were left vulnerable to Friday’s enormously disruptive attack.
In many cases the vital update had not been installed as the affected organisations – in a short term money saving exercise – had cut spending on IT and on computer security staff.
As a result a drive for short term savings has left many organisations are now faced with a multi million Dollar bill to fix the gaping holes in their computer systems. It is the very definition of a false economy.
In the wake of the attack the Irish Government and our state agencies deserve praise. Bodies like the HSE were quick to react to the rapidly escalating situation and their fast and decisive action almost certainly prevented problems on a massive scale across the country.
Many are quick to criticise Ireland’s state agencies – particularly the HSE – but on this occasion they displayed great professionalism in the face of a major threat. That should be greatly reassuring to the public.
What will be less reassuring is how many other nations and international companies reacted to the incident.
The fact that the attack was ‘accidentally’ halted by a self taught 22-year-old computer expert from the bedroom of his parents’ house should give many Governments cause for thought.
How is it that in a matter of hours this young man was able to find a shut off the source of an attack that was baffling experts working for the Governments of the world’s most powerful nations.
Clearly something needs to be done to improve web security. Installing free updates would seem a good place to start.