YOU may have observed the strong response to U.S. media reports that President Trump inappropriately shared sensitive intelligence about ISIS laptop bomb plots during a meeting with Russian representatives last week. In the high-stakes game of international espionage and security, a mere mention is sufficient to undermine sensitive operations since you can compromise sources and methods without directly exposing them.
Consider also the damage being caused worldwide by the WannaCry ransomware attack which encrypted the contents of infected personal computers, then demanded a ransom payment to restore access to that locked information. When system vulnerabilities are exploited to expose information, the results can be ugly whether that vulnerability is technological or human in nature.
Tracing the origin of the WannaCry ransomware attack is interesting, because it includes the following elements:
1) Flaws in the file sharing technology used by Windows computers;
2) A secret intelligence gathering tool hoarded by the NSA;
3) Exposure when a stockpile of cyber-weapons were leaked by hackers;
4) Software patches not being installed to fix the problem;
5) Malicious hackers developing and releasing the ransomware;
6) Users duped into clicking on links in craftily-worded email messages; and
7) The spread of the attack, and tremendous loss of productivity and trust.
It should be clear that an attack relies on several stages, but can be stopped by anyone. This process is not new to those who work in the industry and advise others on good practice such as:
*) Installing all security-related software updates;
*) Training users to spot fake messages; and
*) Increasing awareness of risk mitigation measures.
Since a malfunctioning computer system can cause you to miss an appointment, not receive the right prescription, or otherwise undermine your health and wellbeing, we should all pay attention. If the U.S. President can be criticized for his role in weakening security, shouldn’t you prevent similar problems in your own environment?—
To share your views, contact the author at: www.datashore.net or via The VOICE.
About the Author
Dr. Lyndell St. Ville is an ICT Consultant based in Saint Lucia. His expertise includes systems analysis, design, and security strengthening.