WannaCry and ransomware: it's time you got serious about cyber security

Keith Martin, Professor of Information Security at Royal Holloway, comments on the recent ransomware attack

Many countries around the world have been affected by a massive ongoing cyber attack.

In the UK, the victim that attracted the greatest attention was the National Health Service (NHS), where numerous systems were damaged, leading to significant operational problems.

The attack involved some "ransomware" called WannaCry, which, once on a system, effectively locks it down by encrypting the information on the computer and demanding a payment in exchange for the ability to recover the data.

"All in this together"

The scale of this attack has been significant. In one sense, there is nothing new at play here. Malicious software of the type behind this attack is constantly circulating in cyberspace. WannaCry is just the latest unpleasant computer programme to go on the rampage.

However, there is one important aspect of WannaCry that helps to highlight something cyber security experts have been repeatedly advising everyone.

In many cases, if a computer is infected by a computer virus, only that machine is affected. In the case of WannaCry, once one computer on a system is affected, the programme can spread to other computers on that system.

Since a computer is normally infected through a user's mistake (opening an infected attachment, or clicking on a link), what this episode reminds us is that, with respect to cyber security, we're all in this together.

Keep it secure, stupid!

The good news is that we can all do something about it. By far the most important step that everyone can take is to start taking cyber security seriously.

Any organisation taking cyber security seriously will either have been unaffected by, or have quickly recovered from, problems relating to WannaCry.

Keeping computer systems up-to-date is one of the most important steps. Making sure that data is regularly backed up means that, if infected, restoration of data onto systems is a routine task, albeit at a cost of time and money.

There is a wealth of advice about how to secure systems out there. It’s just a matter of organisations following it.

Perhaps more importantly, there is something every single one of us can do.

  • We should all equip ourselves with enough "cyber common sense" that incidents of this type occur less frequently.
  • We should all follow standard cyber security advice, particularly being cautious around unsolicited invitations to open files or visit web sites.
  • We should make sure that cyber security is one of our personal transferable skills.

WannaCry helps to illustrate that having personal knowledge about cyber security is not just important for our own purposes, but also helps to keep others safe from harm in cyberspace.

WannaCry made a lot of news. Some of it may well have been old news. But until we, as a society, prioritise cyber security, it is news that is just going to keep on coming.

About the author

Keith Martin is Professor of Information Security at the Information Security Group, Royal Holloway, University of London. His current research interests include key management, cryptographic applications and securing lightweight networks. He is the author of Everyday Cryptography (Oxford University Press, 2012) and has designed and led modules on Royal Holloway’s distance learning MSc Information Security programme. The Information Security Group recently retained its position as an Academic Centre of Excellence in Cyber Security Research (ACE-CSR).
