Cyber Security - an Emerging Field

A friend of mine recently had her computer files encrypted - the result of a ransomware attack. Refusing to pay the Bitcoin ransom payment to have her data released back to her, she lost months of crucial research.

It brought home to me something I had looked at from an almost academic, spectator-like viewpoint: cyber-security.

We all remember the worms and viruses that used to plague the early computer systems. Quickly our virus scan software caught up, and it seemed for a while there that every single USB drive you owned was having a virus or two cleaned off of it before it was used. Computer viruses seemed like they could be controlled.

Before too long those old viruses just stopped being around. We conquered them. And while many people, especially on Windows-based operating systems, continued using the virus scanning software, we started to get complacent.

And while this was happening the cyber-crims were getting smarter. They were developing newer scams, newer ways to bring down your computer, steal your data, or your money. And it seems that they were helped along by the brightest in government who, creating tools to wage war on computers, inevitably leaked those same tools to criminals.

Today we deal with an umbrella term, 'malware'. Malware is, basically, any process that occurs on your system that has an unintended consequence (to you). I appreciate that this covers a very wide range of things, everything from popups, social engineering and phishing right up to ransomware.

Malware attacks and cyber attacks, in all their forms, are targeted to do one of the following:

  • obtain your personal information (for identity theft)
  • compromise your data's availability and blackmail you to get it back, or another purpose (includes types of ransomware)
  • steal information for the purpose of resale or embarrassing a business or individual. This includes data breaches

Rather than go over the myriad of ways you or computer networks can be compromised and the types of malware (that's an article for another day), I wanted to go over how you can prevent such an attack. These basic points apply to extensive corporate network security as well as to home networks.

Prevention is the best cure, right?

The Australian Government actually publishes some guidelines that they call the Essential Eight (https://www.cyber.gov.au/publications/essential-eight-explained), and in a nut-shell they are:

Whitelist: add the programs and processes that you want to run to a whitelist or approved-program list, and don't run anything else without fully understanding where it comes from and what it will do. Most modern operating systems do enforce this, but you have to get out of the habit of just blindly 'approving' anything that hits up against this wall.

Macro Settings: many programs, such as office suites, can perform scripted actions within your computer, called macros, that can be used to perform malicious functions. If you receive a file like this from someone else, make sure you trust the source. And as a precaution, disable macros. You will be fine without them.

Patches and Updates for the Operating System: make sure you accept and approve updates to your operating system as they are released. More often than not these updates are filling in potential, or already exploited, security holes in your operating system, so it is important to your computer's security that it is updated frequently. Operating systems are not always updated just to change the way you look at or use your computer.

Remove programs or program functionality that you don't need: even if a program is not identified as a security risk, you should remove anything you are not actually using. And remove functionality that is known to be dangerous. For example, both Java and Flash are known to have serious security vulnerabilities when running on web platforms (such as browsers), and yet many people still have plugins enabled for these programs. It is unlikely that they will ever need one of these to run an application on the web. You can safely uninstall Flash and Java from your browsers.

Multi-factor authentication: where available, encourage the use of multi-factor authentication. You may see this as a web site asking for an email confirmation that you have logged in, a text message sent to prompt a PIN entry, or a program that blocks logons or usage that appears suspicious (banks often do this).

Restrict user privileges: in a family or a business, restrict the actions that users can take on a computer. Allow only the applications you know, trust and must use; otherwise, do not allow anything to be installed or altered without consent.

Patch and update applications: all programs will eventually be found to have security vulnerabilities. These will be 'patched' or fixed by the software owners if they are reputable, so make sure you are updating as frequently as these updates present themselves. This is also true for applications you may deploy online, such as WordPress or similar.

And because even when you take all of these precautions there will be things that you cannot account for, or a user will allow something malicious to happen, the next one is less a prevention than a recovery action.

In order to be most effective, you should back up, off-site, daily. I realise that this sounds hard, and sounds like overkill. However, if you fall victim to a form of ransomware infection or something else that compromises your data you will be laughing. Even the most advanced persistent threats will do little more than interrupt you as you restore a backed-up version of your systems. And all with no ransom paid.

Backing up off-site (and not just the sensitive data, everything) allows you to prevent data loss due to theft or a destructive incident like fire. This could be done by backing up to a cloud server (usually you can pay monthly for terabytes of data stored in the cloud), or you can back up to external drives and remove the drives from the site.

A good rule of thumb is to have three separate backups of consecutive days, wiping over or updating the oldest every three days. For very crucial data you can even consider keeping backups in different locations to further mitigate the risk of malicious software.

Make sure you also test your backups from time to time. It is not uncommon for a business to go to use a backup only to find that the backup process was not working or the medium it was stored on was corrupted.
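To show what the three-day rotation and the "test your backups" advice look like when automated, here is an added example script that is not part of the article or of the Essential Eight material. It assumes a source folder and a local destination folder (copying that destination to a cloud bucket or a removable drive is the off-site step and is outside this script), keeps the newest three daily copies, writes a SHA-256 manifest beside each copy, and re-hashes a stored copy against its manifest so that silent media corruption is caught before you need the backup. The sample files and the 2024 dates in `demo()` are constructed for the demonstration.

```python
"""Daily backup rotation with integrity checks (added example, not from the article)."""
import hashlib
import json
import shutil
import tempfile
from datetime import date, timedelta
from pathlib import Path

KEEP = 3  # daily copies retained, matching the article's three-day rule of thumb


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative, forward-slash path) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace("\\", "/"): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_backup(source: Path, dest_root: Path, day: date) -> Path:
    """Copy source to dest_root/<YYYY-MM-DD> and store its manifest beside that folder."""
    target = dest_root / day.isoformat()
    if target.exists():
        shutil.rmtree(target)  # a second run on the same day replaces that day's copy
    shutil.copytree(source, target)
    manifest = build_manifest(target)
    (dest_root / f"{day.isoformat()}.manifest.json").write_text(json.dumps(manifest, indent=1))
    return target


def list_backups(dest_root: Path) -> list:
    """Backup folders, oldest first (ISO dates sort chronologically as strings)."""
    return sorted(p for p in dest_root.iterdir() if p.is_dir())


def prune(dest_root: Path, keep: int = KEEP) -> list:
    """Delete the oldest copies so at most `keep` remain; return the names removed."""
    removed = []
    backups = list_backups(dest_root)
    for old in backups[: max(0, len(backups) - keep)]:
        shutil.rmtree(old)
        manifest = dest_root / f"{old.name}.manifest.json"
        if manifest.exists():
            manifest.unlink()
        removed.append(old.name)
    return removed


def verify(dest_root: Path, name: str) -> list:
    """Re-hash a stored copy against its manifest and return a list of problems (empty = OK)."""
    target = dest_root / name
    manifest_path = dest_root / f"{name}.manifest.json"
    if not target.is_dir() or not manifest_path.exists():
        return [f"{name}: backup or manifest missing"]
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(target)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"{rel}: missing from backup")
        elif actual[rel] != digest:
            problems.append(f"{rel}: contents changed since backup was taken")
    for rel in sorted(actual.keys() - expected.keys()):
        problems.append(f"{rel}: unexpected extra file")
    return problems


def demo() -> dict:
    """Run five daily cycles on constructed sample files, then simulate media corruption."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "documents", Path(tmp) / "backups"
        src.mkdir()
        dst.mkdir()
        (src / "thesis.txt").write_text("chapter 1: constructed sample data\n")
        (src / "notes").mkdir()
        (src / "notes" / "lab.txt").write_text("constructed lab results\n")
        start = date(2024, 1, 1)  # constructed dates
        for i in range(5):  # five consecutive daily runs; only the newest three survive
            make_backup(src, dst, start + timedelta(days=i))
            prune(dst)
        kept = [p.name for p in list_backups(dst)]
        clean = verify(dst, kept[-1])
        # Simulate a corrupted medium: flip the first byte of the stored copy, not the source.
        victim = dst / kept[-1] / "thesis.txt"
        victim.write_bytes(b"\x00" + victim.read_bytes()[1:])
        corrupt = verify(dst, kept[-1])
        return {"kept": kept, "clean": clean, "corrupt": corrupt}


if __name__ == "__main__":
    print(demo())
```

The manifest lives beside the backup folder rather than inside it, so a verify pass hashes only the data that was copied; if you ship the folder off-site, ship the manifest with it and run `verify()` on the restored copy before trusting it.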

I do not wish to be a bringer of bad news or to press on you how bad the world is. However, I do find that being prepared for every eventuality within reason is your best defence, and with all bases covered, nothing will happen to you.