Cyber security game never ends

There is a distinct feeling of deja vu with the latest cyberattack, only this time the global ransomware WannaCry is more invasive, trickier and broader in the scope of its victims, having affected more than 200,000 computers world wide in 150 countries, though fortunately only 18 in Hong Kong's private sector and none in government systems.

This perennial cat and mouse game is being played out almost on a regular basis because, despite the availability of effective anti-virus software, many people continue to not take the elementary precautions of installing them, oblivious to dangers lurking in the cyberworld as they go online browsing the internet as though strolling in the park. The danger is amplified for older versions of computer operating systems.

Experts also warned that countering WannaCry attacks requires updating your Windows with the most up-to-date Microsoft security patch - the MS17-010. For good measure, it is also recommended that you disconnect your computer from the internet or local area network. And if using a wireless internet connection, switch off your router. Also back up all important files onto an external storage device then physically disconnect this from your computer.

What makes the WannaCry malware particularly ferocious is that it is different from earlier ones where users were hacked only if they downloaded a file in an email or clicked on a link. This one requires no action which makes it even trickier to defend against.

The success of hackers is in direct proportion to the negligence of computer users, very succinctly identified by James Scott, Senior Fellow, at the Institute for Critical Infrastructure Technology. Scott pointed out that ransomware is more about manipulating vulnerabilities in human psychology than the adversary's technological sophistication.

But it is reassuring that the government clearly has a robust cyber defense system and structure in place and regularly alerts its staff of the dangers of accepting emails from dubious or unknown sources, and especially opening attachments to such mail. This is because any system can be vulnerable if just one computer is affected. So, the question becomes an issue of raising awareness and making sure staff don't open dubious emails or attachments. Clearly this precaution should also apply in the private sector. In other words, while the internet offers untold convenience which can easily lull its users to the untold dangers lurking in cyberspace, its downside is that it can also cause massive damage and economic loss. There really is no permanent defense mechanism against it as this cat and mouse game continues apace with advances in respective technical expertise. The only real defense is eternal and concerted vigilance by all end users.

Staff Writer

(HK Edition 05/16/2017 page11)