The recent WannaCry attacks have underlined, underscored and highlighted how absolutely important it is to patch a computer, avoid opening unknown attachments and recognise risk when it arrives in an inbox. And, while there is no connection between the ransomware and online payment fraud, both rely on trust and lack of awareness to perpetuate their crimes.
“The success of WannaCry will very likely see cybercriminal syndicates double their efforts,” says Peter Hart-Davis, security officer at PayU. “It is just the tip of the iceberg when it comes to the vulnerabilities disclosed through the NSA leaks and many will attempt to take advantage of these as swiftly as possible. If ever there was a time for the user and business to invest in good security hygiene, it is today.”
Phishing attacks on social media have risen by 500% according to a study by Proofpoint, and another study by GreatHorn, the 2017 Spear Phishing Report, found that the average business user faces one risky email a day.
According to Hart-Davis, it is important for users to realise that there are high levels of risk in almost everything we do online. But that doesn’t mean we should stay away or browse in fear. Being aware of the risks is the key, even if we don’t fully understand them.
“It’s similar to driving a car,” says Hart-Davis. “It’s really risky, but we all do it. That’s because there are good guys out there designing products that keep us safe and mitigate the risks. Thankfully, the online security products we can use are a lot cheaper.”
The vehicle analogy fits particularly well. Besides the perils of sharing the road with thousands of other cars driven by drivers of varying levels of ability, cars are broken into, hijacked, stolen and are under threat of being hacked into.
Online awareness a cocktail of fear
The unprecedented WannaCry attacks have added fuel to a largely negative cocktail of online fear. We have seen fake news become a thing in the US and more recently here in South Africa. The infamous “leak” is another phenomenon that has been revived in the mainstream. And hacking has been around since the cold war in different guises. The notion of nations initiating cyber attacks on one another, or at least allegations thereof, is new though, and conjures up a new bogeyman in the collective.
In a complicated online world, protection often lies in keeping it simple. From dating to transacting, the bad guys capitalise on laziness and ignorance. However, vigilance, maintenance and common sense are the elements missing from the solution. And they are all within our power.
“Clicking on the wrong link can be an incredibly damaging experience,” adds Hart-Davis. “But I would rather know that, and take the necessary precautions, than avoid the internet completely and miss the positive benefits it offers us.”
Let’s learn from WannaCry
WannaCry was a success because machines were not patched. Going forward, as attacks become increasingly sophisticated and targeted, the first, and best defence is to ensure every computer is up-to-date. Many clever phishing emails have already sourced your name and details elsewhere and will use this information to lure you into exposing more of your identity.
“When you head out online to do your shopping or payments, use a resource that is trusted and has its own layers of security,” concludes Hart-Davis. “Learn the rules of the online road, and embed these in children from an early age. Like washing your hands, online hygiene is just as important. Watch what you click and watch what you do, and stay safe.”
If WannaCry has taught us anything, it’s that the intersection of risk, awareness and trust is where we, the good guys, hold the power.