We live in a world full of potential cyber dangers. Everyday internet users need to be aware of this and companies have to take measures to protect procurement processes and their goods. The exact nature of new threats is changing as criminals get bolder, and two recent crises show the stakes riding on good digital security. The political dimensions of these incidents may be important, but as a business, your immediate concern is probably how to put up the best defense against it.
The WannaCry Ransomware scare
Ransomware refers to a type of malware which locks computers and forces users to pay to access their files. If victims refuses to pay, they risk losing their data as the criminal deletes it, but if they do, they reward the attacker, and there's no guarantee they won't become victims again.
The most famous recent instance of this is the WannaCry or WannaCrypt program, which, according to NPR, appeared in countries around the world. As of this writing, much of the concern regards who is behind this attack, with some security researchers suggesting it might be a state-sponsored effort from North Korea. Flashpoint researcher Paul Burbage denied this, though, despite other assertions.
"We compared the code samples between WannaCry and previous [Democratic People's Republic of Korea] activity, but the only similarities are public libraries," he said. "Perhaps Symantec has more to go on than us at this point, but we are not seeing a DPRK link with the WannaCry worm campaign at this point."
BBC News reported that the attack had a wide range of targets, from government agencies to companies such as Nissan, although the latter said there was no significant effect from the attack. Still, businesses should weigh the cost of disruption when such attacks are possible.
"Businesses should weigh the cost of disruption when such attacks are possible."
Another noteworthy case included a phishing attack through Google Docs that seemed to fool more people than usual. The Washington Post estimated that this incident may have affected more than a million Google users, based on the company's own statements of the damage.
Phishing is essentially the use of fake email links and attachments to trick targets into clicking on bad links or surrendering important data. In this recent case, the Post said, users opened their inboxes to see what appeared to be a legitimate request to share email access with a third party.
Since it used the actual Google login page, there was a higher possibility that even those who were phishing-savvy might have fallen for it. This subverts one of the typical main ways to fight against phishing emails, which is usually to look for "tells" that the message isn't legitimate.
Supply Chain Dive elaborated on why companies should think of the impact of cybersecurity threats on their business systems. The source said the businesses might avoid updating security because it seems too expensive or complicated. However, with more ways for criminals to attack, businesses may face more pressure to adopt managed IT services and other ways to stay relevant.