Hacking and ransomware attacks like WannaCry and Petya are
not random or unforeseeable. You don't become a target of these attacks by sheer
chance, or act of God. I should know, because mine was among the hundreds of
thousands of systems affected by the initial wave of the WannaCry malware
attacks in May 2017.
The hack and subsequent encryption of my system by the ransomware came as a rude
surprise to me. I had always associated hacking and such incidents with the NSA,
other government agencies, and big corporations. Not individuals like me. And
much as I would like to blame the NSA (and yes, they were culpable in some way,
but more on that later), I have to admit that my lack of adequate personal cyber
security was also a significant factor.
Like most other internet users these days, I also have multiple
computer and mobile systems that I regularly use to go online. Thankfully, my
primary production systems that I use for my business had been updated to the
latest version of Windows 10. And even that wasn't down to a conscious decision
on my part, but due to an automatic update.
But on one of my other PCs, Windows 7 was intact and became
infected. As most of my sensitive business data and personal stuff was on other
systems, catastrophe was averted. All I lost was some of my older, less relevant
data. But it was still a stark reminder that even a minor oversight can lead to
strangers having access to your private data, often with personal or financial
implications.
The incident has thrown up in stark relief some uncomfortable
truths. I was reading up on Microsoft's response to the ransomware attacks to
figure out their stance on the issue. After all, it was the vulnerabilities in
their OS that led to the attacks, right? But sadly, things are not so clear-cut.
For starters, the attack affected only the outdated versions of the
Windows operating system, like XP, Windows 7, and Windows 2008. If it had been
successful against Windows 10, users could potentially have had a solid case
against the company. But in fact, thanks to an NSA tip-off to Microsoft, the
company had been able to release a patch in March to protect these older OS
versions.
That led to my first lesson from this whole incident. I now take
all security updates and patches seriously, rather than postponing them or
ignoring them altogether. And yes, I have decided to heed the company's call and
update all my systems to the latest software versions and patches. But that is
only part of the equation.
It was, after all, the NSA who was responsible for finding this
particular vulnerability in the Windows systems in the first place. And they
held on to it for over five years, using it to gather intel, which is what they
are paid to do. But this is the same NSA that lost a whole cache of data to
Snowden. And the very tools for this attack were stolen from the NSA and left
free online for anybody to pick up and use.
The Microsoft response was scathing and withering in its
criticism of the NSA, and their unwillingness to divulge these vulnerabilities in
time to the company. While that is understandable, we ordinary citizens cannot
expect agencies like the NSA to stop using these exploits.
And what worries me most is the fact that this surely won't be the
last incident of its kind. In fact, the WannaCry malware only used two exploits
from the NSA. There are already reports of newer malware, like "EternalRocks",
which uses another five different hacking tools. And inevitably, in future,
there are bound to be further hacks and exploits of the latest Windows 10
systems as well.
So what should the average user do? Governments and corporations
have the budget to employ dedicated teams of cyber security experts to monitor
their systems. But what about busy individuals, particularly high net worth
businesspeople, and prominent personalities? Surely, somebody has created a
business to provide this vital service, like a PC version of home security
monitoring?
In my quest to find an answer to this question, I ended up at the
door of an interesting company: Rubica. Though they are relatively new, having
been established only in 2016, they do have an impressive pedigree. The company
was created from the cyber division of Concentric Advisers, a cyber security
consultancy service with more than a decade of experience.
So what can this private firm provide you or me, individuals and
solo entrepreneurs with data that needs constant protection? Pretty much
everything, or so it would seem, based on the array of services on offer. They
provide a cyber audit of your current level of security, which, had I used it
prior to the WannaCry attack, could have surely prevented the loss of my data.
Rubica also has an app to secure your mobile devices, as well as
PCs and Macs. I was particularly intrigued by their Concierge service, which
seems like a highly personalized service. Their 24x7 monitoring teams and AI
provide a constant shield against attacks by constantly checking your cyber
security for potential weaknesses.
Rubica is definitely not a mass market solution, nor do they
advertise themselves as such. If you have a dedicated team of security
professionals available 24x7 to handle cyber security, the service certainly
won't come cheap. But the value of your privacy is incalculable. And if the
potential monetary cost of a breach of that privacy is also very high, then
services like Rubica may be well worth a look.