A government orchestrated a cyberattack on a company that produced a comedy about its Leader. Hitting the computers and servers of Sony – the email and sensitive information have been leaked out. Threats have also been issued against the showing of the film and Sony has bowed down to the threats: the film the Interview will not be shown on cinemas instead it will be screened on alternative platforms. The story itself seems to be farce that would come out of Hollywood but its not … Life is really much stranger than fiction. It does highlight one thing the gossamer thread on which information technology is built upon.
First Lesson: The Reality of Cyberattacks
This was not the first cyberattack. The stuxx virus crippled an Iranian Nuclear Facility, delaying their work for more than five years, an attack believed to have been authored by the United States and Israel. Cyber attacks in Georgia and other Eastern European countries have occurred as well bringing down critical IT infrastructure – this was alleviated by two things the presence of cyber-defense units and deputisation of private companies to deal with the attacks.
In past conversations it has been pointed out that cyber-attacks were mirrors or shadows of actual conflicts and diplomatic squabbles. The attack on Sony and before that an American Gabling business after its CEO talked about a certain state was a direct attack caused by their actions and statements. Provoked by their criticism and ridiculing of the leaders of those countries. Another critical difference was the threat / blackmail that followed.
This is a new phase of cyberwarfare and highlights the need for a CyberDefense Policy tempered with application of Human Rights. And this is important so that the Cyber Defense Policy would not be used its own people.
Second Lesson: Personal Cybersecurity
Sensitive and private information were leaked after the cyberattack. Most of these were personal in nature. And this brings us to being aware and preparing for our own cyber-security.
This is how:
1) Always back up your personal information and data. In case of theft or destruction you can always have the back-up to depend on. And saving on the cloud would not be enough. These must be backed up on independent machines not connected all the time on-line, a computer or an external hard disk and thumb drive. Keeping also hard copy would be best.
2) Encrypt your devices – cellphone, computers, laptops and tablets. Even if the device gets stolen or misplaced the perpetrators would not be able to get the information inside.
3) Always threat messages from emails, posts and direct messages as postcards. Anyone who can see them will see them.
4) Follow security advice from activating the two step verification process to creating strong passwords.
5) Maintain and update security and anti-malware software.
6) When using computers for surfing use the stealth and incognito mode always
7) Do not share sensitive information online.
Technology is colour blind when it comes to the purpose of its user. And worse even users with good intent may use nefarious methods to achieve their “good goals” so always bear in mind the Internet and the world of Information and Digital Technology is a magical forest where Big Bad Wolves and Helpful Woodsman live so best to be cautious and take care.