In the last few days a reported 200,000 computers in over 100 countries have been affected by the largest cyber attack the world has ever seen. As I sit and write this piece, news sources are suggesting we haven’t seen the last of this attack and there are more to come.
The attackers themselves are still hidden somewhere in cyberspace. Maybe they’ll be ousted and prosecuted in time as they deserve, but maybe they won’t. One thing is certain: the attack will force people, organisations and even governments to think more deeply about cyber security and the protection of data.
Things, in technology at least, will never be the same.
So, what went wrong?
Well, putting aside the intentions of the perpetrators for one moment, a lot of the problem is down to how we view software ownership. The attack became possible because very old versions of software are still being used. Not just in homes and small offices, but in entire organisations as large as the UK’s National Health Service.
This old software harbours a myriad of security ‘holes’ that hackers can use to gain access to computers, lock down data and, ultimately, extort money from owners to put things right. In this case, the hackers installed ‘ransomware’, a type of malicious software that encrypts data and blocks access until a ransom is paid by the owner to unlock it.
Why is such old software still in use?
There are any number of answers, but we suspect many involve a lack of upgrade priority or budget. Companies are still not applying the same purchase and update strategies they use for physical machines to software. If you own a car or bicycle (or a large piece of medical machinery…) you don’t just keep using it until it breaks down, you plan and pay for maintenance during the machine’s life to make sure it keeps working. In the same way as a physical machine, software needs ongoing maintenance too.
Until consumers large and small start treating the software they use with the same respect they give their mechanical machines, we can expect to see more attacks just like this.
As for the Smart Home industry, this means ongoing service and maintenance procedures should be viewed as an ‘essential’ rather than an ‘optional’ part of the sale and ongoing customer relationship. These should be explained and contracted right from the start to set customer expectations and be followed through vigorously.
Customer education and a change of mindset will be required, but the recent ransomware attack provides more than enough evidence to suggest a wholesale change of approach is needed if we are to minimise the damage that hacking and cyber security breaches will cause in our new IoT world.