IT is a fast-paced industry with new innovations developed every day. A technology can become obsolete in a matter of months. This creates both advantage and threat. On one hand, people enjoy technological advancement quickly: new software and applications, more efficient operating systems. On the other, people and industries connect everything online, which hackers and other criminals see as an opportunity to take advantage of.
Cyber security is an issue that will never be finished. For every person developing a more advanced security system, there is another working on how to crack it. In 2017, we’ve seen several major cyber crimes conducted, creating nation-wide or even world-wide impact. Today, let’s look back at the latest cyber security breaches and learn from them.
Earlier this year the global public received a surprise from a hacker group in the form of ransomware. Ransomware is malware that locks the data on the infected computer; if the user wants the data back, they have to pay a ‘ransom’. It started to become popular in 2012, giving birth to legendary ransomware like CryptoLocker, which had netted $1.8 billion before it was taken down by the authorities. In 2017, another ransomware, aptly named WannaCry, was released. WannaCry managed to infect a billion computers in the world that were still using the Windows XP operating system. The biggest impact happened in the UK Public Service Hospital, where confusion over the lost data caused delayed service.
What to learn from this: probably more astonishing than WannaCry itself is the fact that there are still millions of XP users in the world. It’s understandable for individual users and small-business owners, who have little to no stakes if anything happens to their computer and the data stored on it. However, organizations that depend heavily on data, like hospitals and business enterprises, should be more aware of cyber security risks like this one. While it’s true that changing the operating system for every new release probably costs a lot, and not just financially, the possible future disruption to the organization’s work still outweighs that cost.
Data Leaking and Stealing:
The most common cyber attack, data stealing, has caused the biggest cost: losing a presidential election. Americans may still remember (bitterly, for some) how Hillary Clinton’s electability decreased significantly after Wikileaks released the politician’s pilfered DNC emails. The same scenario happened again this year during the French presidential election, although with a different result, as Macron still got elected.
It’s not just politicians who get to be victims. Data on 180 thousand voters in America was apparently stored in publicly accessible storage, meaning that literally anyone could see these 180 thousand people’s personal data. This happened because of an officer’s negligence rather than malicious intent, but still, since anybody could see the data, there was a chance of someone taking advantage of the opportunity.
What to learn from this: nobody is really safe from cyber attack, including presidential candidates (or probably, especially presidential candidates). Basically, the higher the stakes, the more threats you get. Therefore, make sure to increase the protection of your data and online activities, including exchanging email and making online calls, if you think you’re dealing with sensitive data.
The mistake in storing the voter data happened because of low awareness among the officers handling it. If you have other people handle your data for you, make sure they are knowledgeable enough to know all the risks and how to prevent them.
Phishing and Spoofing:
Remember the infamous phishing email from a Nigerian Prince asking you for help, promising to reward you later? In 2017, most people realize how ridiculous and obvious the scam is, and it’s harder and harder to find them these days. But don’t think that the “Nigerian Prince” has finally retired, because he hasn’t. As people become smarter, scammers change their methods as well. Now they won’t introduce themselves as a “Nigerian Prince” anymore; instead they will greet you as your account officer from your bank, asking you for a certain amount of money as the cost of a new service. The email address won’t come from an unrecognizable domain either, but from firstname.lastname@example.org, and if you click any link to follow, it will bring you to the authentic website or one that is almost identical. You may think this email is official and the real deal, and proceed to follow the instructions.
Sometimes your wealth as an individual isn’t as appealing as the wealth of the company you work for, and they will send you an email from your.CEO@your.company.com or email@example.com asking you to make a transfer from the company account you can access, pretending it’s for a purchase or some other business necessity. Again, they could use your superior’s personal information, acquired beforehand, to make you believe it is really them.
What to learn from this: phishing and spoofing target every individual and organization, without exception. It’s important to train your employees about the many kinds of phishing and spoofing MOs. Make an SOP that requires them to always recheck any unusual request to transfer either assets or data with the correct person, using a different phone number or email address than the one given in the request. Enforce strong protection within the system, from anti-malware to firewall to data encryption, and keep updating the system to the newest version.
Paying early attention to cyber security is key to preventing future attacks. Preventing is always cheaper than repairing damage. When your protection system pops up a notice to update, treat it as a call to action instead of an advisory. Cyber security attacks cause financial and trust losses, and those two are the best assets any business has to survive.