By Graham Jones
The global cyber attack of the past few days has grown again, with many more systems compromised. Russia is blaming America. America is blaming Eastern Europe. Microsoft is blaming the US Government. Newspapers are blaming Jeremy Hunt. Who knows? No-one.
I have a sneaking suspicion we’ll find this havoc has been caused by a pimply youth who was experimenting to see what could be done with code. The chances of an organized group, or a state-sponsored gang, producing what is, frankly, a rather amateurish attack is low. Those high-level cybercriminals are much more sophisticated. Besides which, even though this worldwide hacking attempt has affected tens of thousands of systems in half the world’s countries, it has, so far, only amassed $42,000. Not much for a gang attack – and certainly not enough to ensure they can run away to a new life. One day we’ll probably discover who was behind this and I suspect everyone will go, “really…?”
In the meantime, though, there is the issue of clearing up the mess. Technology teams have been working non-stop to try to restore affected systems. Many of them appear to have been using old operating systems, unpatched with updates. Plus, many don’t appear to have invested in Internet security software, or if they have they don’t really update it. I heard one company on the radio complaining that they had been affected and they don’t understand because they “update the antivirus program every week”. Whoops…! That’s the problem; you need to be updating your security software hourly; patches are provided throughout each day, often several times a day. If you only update once a week, you leave yourself open to all the possible exploits that would otherwise have been fixed.
At least, though, that company was trying. Others don’t even have security software. It is estimated that a third of the world’s computers connected to the Internet are doing so without security programs. That means no matter how hard you try to protect yourself, others are allowing the Internet to become a criminal’s playground. It’s a bit like you locking all the doors of your house, but one of your neighbors have the same set of keys which they leave under a flower pot.
The psychology of risk
One of the main reasons that people do not protect themselves is due to their risk perception. Consider the people who smoke cigarettes. They know that smoking kills. The packets tell them in no uncertain terms that cigarette smoking is highly dangerous. But they believe that the damage is done to other people. “It will never happen to me,” they think.
Similarly, when drivers are told that speed kills, they still drive their cars fast, assuming that accidents only happen to other people.
Human beings are really rubbish at assessing risk. We tend to reduce the level of risk in something which is high and we tend to increase the level of risk in something that is low risk. We are constantly trying to “normalize” risks because that Go to the full article.