There is currently a new Ransomware attack occurring around the world. Some Australian businesses have been affected. Make sure you have patched your computers and your AV and other security tools are up to date.
Once again, those who dont keep their virus definitions and security software up to date are the victims of these attacks. I guess it takes financial hurt in the loss of all their files before they take cybersecurity more seriously.
Is it totally correct or fair to blame the end use for being a victim?
The root cause of these cyber attacks is not the end user of computing products.
The root cause is down to poorly written operating systems and software. These are sometimes coupled with hardware issues that enable back doors to be exploited and poor data security on the internet/networks.
Of course we all contribute in different ways to the outcome - poor backup routines, unpatched software, ignorance of scams, accidentally tapping the track pad as we drag over a dubious link on a web page we didn’t ask for. All of that does not make the end user the root cause. We’re still just a contributing factor. While ignorance is not an excuse cyber security is not for the average person to understand. Cyber security including patching and virus updates and scam protection are reactive measures.
Us poor end users! Not only are we being asked to put the pin back in the grenade, we are also being asked to pay to find the pin to stick back in it. Sometimes it seems we are also expected not to blow ourselves up by walking through an unmarked minefield to get to and from work every day. Unless you accept that the minefield is the internet in its totality! In that instance the only safe option is not to use it ever!
Yes - I’m a risk taker too - but should I need to be?
Certainly the end user is not the root cause, but given we know the problem, there isn’t really any excuse for not taking action to prevent an attack. Sure it does cost a bit of money to buy decent software, but set it to auto-update, and you are reasonably well protected- just the occasional re-start required. If you have a small business in which a ransomware attack could cost you thousands of dollars, or even for individuals where it will mean lost documents, but not a huge monetary expense, then a few hundred spent on software is good value. Multiply both those values by a factor to suit whatever size your business is.
Until the operating system and software providers can get their act together and make truly secure software, it is up to the end user to take appropriate measures for their own protection.
Yes we are given much of the responsibility and a portion of the cost of mitigating the security issues of our machines. Windows warns a user if they do not have security software installed or up to date (Win 10 employs it’s own unless you install a 3rd party one). Patching for the home user has been largely automated in response to the threats (if you disable or delay the patching you are warned).
Cyber-security is a minefield but if a user at least employs the provided tools it is at least some protection and at that level doesn’t require much if any real thought. I agree that most of the security fixes are reactive rather than the ideal proactive but most AV products these days use heuristic analysis to determine if something new is a threat rather than just relying on string matching.
The reason that these current threats have been so pervasive is because businesses have not patched known vulnerabilities due to their patch management protocols and then the public being infected through secondary contact. Also involved is the poor back up processes of some companies and other users, the willingness of some to click on dubious messages and links and just plain bad luck on a day when the “perfect storm” hits.
As @gordon advises the risks are known and the ways to decrease the risks are also known. In a perfect world we wouldn’t have to protect ourselves but we live in a far from perfect world. We lock the doors and windows on our houses or if we don’t we should, the same stands for our computers (all our connected devices) we should be locking the easy ways in but if someone wants to get in they will but we can do much to protect ourselves and make their entry hard to do.
And the cost to an average home user does not need to be expensive or time consuming, after some research a good AV/Anti-Malware package can be had for much less than $100 or use some of the reputable free versions available and ensure you keep up to date.