Back to basics in cyber security
DUBAI // People and companies should return to the basics of cyber security to protect themselves from threats such as the WannaCry ransomware attack, experts say. WannaCry has shut down hospitals, banks, transport systems and industry worldwide.
Similar attacks could be prevented by installing basic updates, security experts said at the Gulf Information Security Expo and Conference. Patching – a security update for an operating system such as that used on a smartphone – is key to cyber security, said Warren Mercer, of threat intelligence group Cisco Talos.
“This would have helped dramatically with WannaCry,” Mr Mercer said. “It would have stopped it hitting infrastructure.”
“The high-severity updates that are pushed out by companies like Microsoft, Adobe, Apple – they are not pushing them out for fun. They are pushing them out because of malicious and strong vulnerability.”
Experts at the conference, which ends today and was attended by more than 6,000 people, discussed ways to defend against the ransomware attack, which spread malicious software in more than 150 countries since May 12.
It hit train systems in Germany, shut down computers at the Russian interior ministry, cancelled and delayed treatment for thousands of patients in Britain, and affected phone companies in Spain. The source of the attack has not been determined.
“We need strong regulation for new technology and certification programmes to make sure that all systems are as strong as possible,” said Osama Elhassan, head of Dubai Health Authority’s e-health section.
Security consciousness across all entities must be raised, Mr Elhassan said.
Natalya Kaspersky, president of global cyber- security solutions company InfoWatch, said devices and systems remained unprotected in many regions of the world.
“This was not a targeted attack because it affected everyone from the UK to Russia who did not update their system,” said Ms Kaspersky.
“Basic protection is simple. Don’t download files from people you don’t know, update your systems regularly, don’t click on links from people you don’t know and you should be safe. This is basic and simple but unfortunately people just don’t do this.”
Experts forecast that cyber security would soon become an essential part of life.
“Cyber security is kind of like how health and safety was years ago” said James Williams, a vice president at engineering and infrastructure firm Parsons. “It should be considered part of everyday life.”
Mr Williams said organisations could prepare for an attack.
“If there is a compromise and the organisation is equipped with proper planning and has practised activities, much like a fire drill, that can be critical,” he said. “These are the types of policies, training and awareness that should be in place, above and beyond the technology.”