Tech Tuesday: Computer Security – It’s Not Your Fault, But That Doesn’t Matter
18 July 2017 |
Matt Rosenquist | About a 4 minute read
We are all at risk and for the foreseeable future – it will only get worse. Computers were designed to be used as generalist machines. Lots of different software is designed for the longest time to be functional, but not necessarily secure, including your operating system. It is getting better, but legacy support means that old exploits never truly go away. This results in more and more vulnerabilities (ways that your machine is insecure) and with more information flowing around the web, email and a myriad of ways – taking advantage of these is ever growing. Unfortunately, we all have to bear the responsibility of being diligent these days, so being wary of every link, every attachment regardless of who it was sent from.
Why am I being targeted? – Because you are valued. As an individual, you are more valuable than ever, with the advent of currencies like Bitcoin, it has allowed for the creation of highly lucrative ransomware. Most notable being Cryptolocker and variants which encrypt all your data. Where previously, your value on mass was low, now we are all a lot more valuable as an individual. Additionally in a work environment all individuals are valuable, as one weak link can affect the whole network. Therefore we can unknowingly be a Trojan horse, as has been seen with the recent attack that affected the NHS.
The threat is ever increasing both incrementally and in large bumps. Most recently a large set of zero-day vulnerabilities (vulnerabilities which are previously unknown and do not yet have a fix) and hacking tools were stolen from the NSA (USA National Security Agency) and leaked. These vulnerabilities resulted in the attack which most notably affected the NHS, where large amounts of files were encrypted by the WannaCry virus. Bitcoin has made it possible for attackers to demand large amounts of money from people in an untraceable manner that was previously not possible at scale. We as consumers expect that our old software works on the most recent operating system, even Microsoft’s “Windows 10” the latest and most secure operating system is already proven to be vulnerable due to supporting legacy software. The new product class of smart home is a whole new area where security comes second place to functionality, allowing a large new space for attacks to happen. As more and more attacks are introduced to the internet, the higher the risk gets as the old attacks may never go away but remain dormant until they find unpatched computers. This was was the case with the Conficker Worm which came back after eight years.
So what can you do to help keep yourself and your workplace safe? Below are some suggested tips, but mostly it does rely on you being constantly diligent and getting the basics right:
- Be wary of all links /attachments that you have been sent
- Make sure that the url bar has HTTPS and the padlock symbol is not red when entering anything sensitive on a site (including logging in)
- Backup regularly (only way to not to pay a ransom)
- Keep your system up to date with patches
- Use anti-virus software
- Don’t run as admin (you can have an admin account, just don’t use it as a primary account)
- Be careful on public wifi (coffee shops …) as the it is easy for others to snoop on the connection, use HTTPS
- Don’t use the same password everywhere
- Don’t install certificates it asked unless you are expecting them
- AND don’t forget to be nice to your IT people, they are trying to do the best of a bad situation
For anyone working in any part of software development, it is no longer ok to just look at creating functional products. Security needs to be built in throughout the lifetime of the product. The developers, system admins, and DevOps are a large part of this, but not the only part; security vulnerabilities can be brought in by design.
The future is not completely bleak when it comes to computer security, the smartphone you probably use is already far more secure than your computer. This is due to the fact that security was considered through the creation of smartphones. It is this same change that will ultimately need to happen to the computers’ operating systems we all use. Security and convenience ease of use tend to conflict; I would also expect that there is going to be a period of inconvenience while there is a transition to a more secure environment. This blog post is not meant to be scaremongering, instead, an explanation of current state and the immediate future, the situation should be better, we should not be required to be constantly diligent.Read More From This Author
Tech Lead (Reading)
Bring your expert tech knowledge to the table to influence the direction of projects, whilst coaching and your team through engineering best practices.I'm Interested
DevOps Lead (Reading)
Bring your delivery expertise to the table, leading the pack as ambassador on operational requirements, influencing and continuous development.I'm Interested
Programme Lead (Edinburgh)
Bring your expert project knowledge to the table to own delivery of all our initiatives being delivered out of our Delivery Engine.I'm Interested