Let's Stop Chasing the Bad Guys

May 14, 2017

For years, security providers and hackers have been locked in a struggle which is heavily weighted in the hackers’ favour. The hackers develop and unleash their next piece of malware, and the security providers try to find it and neutralise its effects before it causes harm. The trouble is, it is a game of catch-up; the threat is released and only then can it be identified and (hopefully) dealt with.

Many organisations have spent considerable sums of money protecting the perimeter of their network with multi-layer firewalls and access controls. But can we continue to chase the bad guys and build big brick walls around our networks in the hope that nothing bad gets in? With tens of thousands of hackers out there, the odds are stacked against us. They only have to get lucky once, whereas we need to be lucky all the time!

The global cyber-attack on Friday 12th May, delivered using a ransomware program known as WannaCrypt0r 2.0, again illustrated that the phenomenal benefits of the digital age also carry grave risks. With cyber-crime on the increase, GDPR legislation just around the corner and massive fines on the way for companies which experience a data breach (not to mention the resulting damage to brand reputation and stakeholder value), it is time to adopt a different approach to cyber security.

Ransomware is a relatively recent phenomenon. It is frequently delivered via a phishing attack where a user is lured into clicking on a link or opening a malicious attachment in an email. Once activated, the program encrypts the victim’s data, rendering it useless. A ransom is then demanded to decrypt the data.

Education is the obvious way to combat such attacks, and there are many organisations offering help in this regard. At a recent Ciptex company meeting, we were all invited to participate in an online quiz set up by one of our IT team and hosted by Kahoot! (look it up, I’m not going to attach a link to it here!), which delivered important information and tips in a fun and easy-to-access way, which engaged the non-technical members of the team (who it was primarily aimed at).

However, it’s difficult and time-consuming to provide decent education for all, and for those not on the front line, the messages can soon be forgotten. As the overwhelming majority of attacks arrive via email, often in the form of a malicious attachment, it is this area that we need to address and where a different approach is needed.

Instead of checking emails to see if there is anything bad hiding in an attachment, let’s look for attachments which are good. Good is easier than bad. We know what good looks like, as the providers publish this information and they also give us advance notice of what will change and when.

By looking for good and only allowing good through, we can stop playing catch-up with the bad guys, as whatever they do, we know it won’t be good!
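The default-deny idea above, sketched as an added example (not code from this post or from any product): an attachment passes only if its extension is on an allowlist and its bytes match that format's published signature. The three formats, the function names and the shallow header/trailer checks are assumptions for illustration; the sample message is constructed.

```python
import os
from email.message import EmailMessage

# Each check tests content against the format's published signature.
# These are shallow header/trailer checks (an assumption of this sketch);
# full validation would parse the whole structure against the specification.
def _is_png(d):
    return d.startswith(b"\x89PNG\r\n\x1a\n") and d.endswith(b"IEND\xae\x42\x60\x82")

def _is_pdf(d):
    return d.startswith(b"%PDF-") and b"%%EOF" in d[-1024:]

def _is_text(d):
    try:
        s = d.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(c.isprintable() or c in "\r\n\t" for c in s)

# The allowlist: anything without an entry here is denied by default.
KNOWN_GOOD = {".png": _is_png, ".pdf": _is_pdf, ".txt": _is_text}

def is_known_good(filename, data):
    """True only if the extension is allowlisted AND the content matches it."""
    ext = os.path.splitext((filename or "").lower())[1]
    check = KNOWN_GOOD.get(ext)
    return bool(check and check(data))

def screen(msg):
    """Map each attachment's filename to an allow (True) / deny (False) verdict."""
    return {p.get_filename(): is_known_good(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()}

def sample_message():
    """Constructed test message; the declared MIME type is ignored as untrusted."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"\x00\x00\x00\x00IEND\xae\x42\x60\x82"
    samples = [("report.png", png),                         # signature matches: allowed
               ("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60),  # name says PDF, bytes do not
               ("macro.docm", b"PK\x03\x04" + b"\x00" * 26),   # format not on the allowlist
               ("notes.txt", b"Meeting moved to 3pm.\n")]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, ok in screen(sample_message()).items():
        print(f"{name}: {'allow' if ok else 'deny'}")
```

Note that nothing in the code describes what a malicious file looks like: the mislabelled and unlisted attachments are rejected simply because they fail to prove they are good.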

As with all the best ideas, this one is so simple and obvious once you hear it, you can’t believe you didn’t think of it yourself, or why it wasn’t thought of years ago.

Steve Walker
