The threats are NOT imaginary.
The threats are real!
The visibility of the wannacry attack actually highlights how vulnerable the world is with its reliance on all things digital
Zero day exploits and known vulnerabilities are available for every operating system, including IOT devices.
Anything with a digital signature can be hacked.
Where it all breaks down is that in most cases there is a human who is attached to the device.
A human who has the ability to veto all security measures in their hurry to do something, anything with the device.
How often have we seen the “updates available” on our server, laptop, smart device or application and have been in too much of a hurry to apply them.
In most cases it would take 10 minutes out of our busy daily schedule, 10 minutes where we have to find something else to do – not screen related.
Most systems are now being designed to make it obvious, and will persistently tell us that we need to update.
What do we do?
We complain that we do not have enough time. We are too busy. We cannot stop for that brief space of time to increase our security.
The SMB patch for wannacry has been available since march, that is almost 8 weeks before the cryptovirus attack, but the impact was significant because we were too busy.
I thought that we had learned from the “code red” attack in the early 2000’s, that patching is a very important part of digital security, obviously not!
“Code Red” crippled the internet because of un patched SQL servers, the patch had been available for 3 months prior to the release of the virus.
Most of the problems with security in the digital world is US.
We are too focused on our tools to see the underlying features that have actually been put in place to protect us.
There is a quote I often use in my training “THERE IS NO PATCH FOR HUMAN STUPIDITY”
We are the weakest link in cybersecurity, in the digital chain where we should be the strongest.
In most cases we are very stupid!
Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, Presenter for the Business Security Intensive, author of the Digital Security Toolbox and Digital Security Framework. Rapid Restart Appliance Creator. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.