WanaCryptOr 2.0 has become a global sensation overnight thanks to its potency and reach, making it the biggest ransomware attack. It has breached personal and network computers in more than 150 countries, and this is surely the best indicator that the time is now for governments, organisations and citizens to give cyber security prime importance. Network infrastructure is the underlying foundation of every nation and we must do all that we can to preserve it.
Where did WanaCryptOr 2.0 come from?
Also known as ‘WannaCry’, it’s one of the most potent ransomware attacks that has reached some high-profile targets. Like all forms of ransomware, it enters a vulnerable machine and then locks it and demands payment of money to ensure access to files. The price to free your files from WannaCry? 300 Bitcoins. As per estimated figures, it reached 200,000 computers in more than 150 countries, making it one of the biggest and most coordinated ransomware attacks ever. Its potency is made worse by the fact that it can easily spread within a network and this should serve as a wake-up call for enterprises and governments to phase out obsolete machines.
In India especially, we are hurtling towards a digital economy. We are poised to be the world’s digital superpower but the biggest threat to that status is cyber security. As always, the weakest link in the most advanced systems is the human element that is always prone to click on a dangerous link or open a malicious attachment or reveal confidential information through social engineering. Whether we are ready or not, whether our networks are prepared or not, these issues are real and potent. Home-made attacks can cause enough damage as it is, and the extent and potency of nation state sponsored programmes is even more alarming. On a granular level they can spy on citizens, and on a larger scale they can sabotage a country’s critical infrastructure. So the question we need to be asking now is what can be done to solidify our network infrastructure and ensure that threats such as WanaCryptOr are avoided. Some basic security precautions can help us here and while they are not foolproof, they represent the building of cyber security barriers and habits that will be difficult to break down.
Cyber security training is a must for governments
The government’s push for initiatives such as Digital India and Make in India are commendable, but they carry the very real risk of security vulnerabilities. Improved technology infrastructure is crucial for the nation’s growth but unfortunately, cybersecurity ranks low in a list of priorities. Much of what is needed for boosting security of national assets is already known, but not implemented across the government. Cyber security training for government officials is largely missing, so vested parties need to come together and build competencies, practice sessions, emergency drills and shared cyber knowledge management. Seamless communication between cyber security experts and federal agencies, and even between industries and the government, is vital to avoid the effects of threats such as WanaCryptOr.
Enterprises must spread the vulnerable access points
In the age of connectivity and the fourth industrial revolution, the rise of IoT is forcing network operators to manage the large number of interconnected devices. They should think of alternative ways to contain IoT devices into multiple virtualised environments to prevent cyber attacks on enterprises, rather than simply looking at reducing the number of devices on the network. Doing so ensures that at times of network breaches, the damage is minimised. Hastily rolling out devices with default security settings and no user training with regards to security best practices is also ill-advised. Recent malware such as ‘Mirai’ capitalised on this negligence and scanned corporate networks for unsecured devices. So this makes DDoS threats and other breaches even more potent as not only do they affect the corporate network, they enter the thousands of connected devices within a network as well.
Three key commandments for citizens
When it comes to cyber security for personal use, citizens should remember three key priorities. Firstly, they should not use the same password for multiple online services. There are foolproof password managers available today, and they offer the best workaround for creating and managing unique credentials for each service. Secondly, they should not click on links from unknown emails or download attachments or fill in personal information on links that are redirected from such emails. These could be potential phishing attacks. Lastly, encryption of devices, phones, laptops and external hard drives is an essential cybersecurity precaution that must not be ignored.
While data breaches remain a major concern, DDoS attacks that choke networks and ransomware attacks that block devices are some of the biggest threats. The year 2016 saw a large number of such attacks cripple several networks, and 2017 looks to be heading in the same direction. Smart city projects and IoT implementation have widened the vulnerable market for attackers so we need proper coordination between regulators, telecom providers and cloud service providers. Cyber criminals are going to use more sophisticated attack techniques than ever before to lure victims and to expose vulnerable networks. We need to be aware and proactive while dealing with these threats and give security protocols the full attention that they deserve.
By- Rakesh Kumar Singh, Datacenter lead, Juniper Networks India.