17 May 2017

The Global Media Completely Overreacted To Yesterday's Cyberattacks

A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing, Saturday, May 13, 2017. Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users' files for ransom at a multitude of hospitals, companies and government agencies. (AP Photo/Mark Schiefelbein)

Yesterday, the world’s media experienced one of those episodes where ignorance feeds panic, and ended up talking about organized attacks and even cyber war about a virus that spreads randomly and should not generate any problems if organizations and individuals have minimal backup.

Ransomware dates back years: it infects a computer with a program that encrypts the contents of a computer’s hard disk, demanding an untraceable payment in returning for “freeing” it. The infection can be triggered through spam or other means to get the user to open a link that allows the program to download, which later looks for other computers to infect. If that infection spreads through a corporate network in which anti-virus systems are not up to date, the only thing to do is disconnect the infected computers, remove the infection, recover the contents of those computers from the backup server, and move on. End of problem.

The appearance of such a virus in a company is no big deal: regardless of how up-to-date its security policies are, all it takes is for somebody to click on a link or enter a page to spread the infection. On Friday, Spanish journalist Marcos Sierra quotedGene Spafford, Spaf:

"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then, I have my doubts."

The reality is that no country or organization is really prepared for an all-out cyberattack. If the will is there, then any organization or individual can breach a computer system’s defenses. That said, there are ways to reduce the likelihood of being a target: ostentatiously boasting about security and thus challenging potential attackers, or simply being a symbol makes for an interesting target, and no system can resist an attack specifically designed for it. At the same time, there is no point succumbing to defeatism: we must do everything that is reasonably in our hands to avoid an attack. If an attack takes place, transparency is essential, and then move into repair mode, which is precisely what Spain’s leading telecoms operator Telefonica did yesterday.

The important thing here, of course, is to understand the differences between yesterday’s random infection that hit Telefonica and other companies, and could have affected many private users, and an organized attack, selective, or even worse, an e-war aimed at causing specific damage and compromising critical infrastructures. None of that happened yesterday: there were no "affected countries", or "companies paralyzed", but instead a random infection that hit some systems, causing damage to those which lacked backup, which is something that needs to be looked into.

There is no reason to be afraid of viruses, what we need to be afraid of are companies and organizations that do not have the right security procedures. What happened yesterday did not endanger anybody, what happened was a few individuals trying to make money out of organizations with lax security practices. Getting this kind of reporting wrong is at worst sensationalism and at best a symptom of panic, which is never a good idea, and much less when it comes to security.

No comments: