Just days before last week’s massive cyber assault known as WannaCry struck computers in at least 150 countries, the telecommunications giant NTT issued a report on digital threats worldwide. One of its conclusions: “In today’s environment, everyone has an important role to play in cybersecurity.”
The advice was prescient. The May 12 “ransomware” attack that spread from China to Spain was slowed down by a 22-year-old British man who lives with his parents and who is self-taught in cybersecurity. His quick work in buying a web domain name connected to the cyber worm ended up being a temporary kill switch. This gave valuable time for companies, governments, and other users of Microsoft’s Windows OS to protect their systems and data, especially in the United States.
His $10 purchase saved billions. More to the point, his action shows that the users of digital devices connected to the internet must always be alert to hackers, even if only to notify experts. So-called phishing attacks like WannaCry, which often come through email, are responsible for as much as 73 percent of malware being delivered to organizations worldwide.
The NTT report says cybersecurity requires much more than a technological fix. New security software cannot keep up with evolving threats. The key solution is for people to be alert and to work together.
“To successfully navigate these challenges,” the report states, “organizations are going to be required to rely on their users more than ever.” This includes such steps as keeping software up to date with security patches, using complex passwords, and watching for potential cyberattacks in email, texts, and other methods.
A similar recommendation was offered last December by the US Commission on Enhancing National Cybersecurity, a nonpartisan panel set up by President Obama. Among its 16 suggestions, it said that effective cybersecurity “depends on consumer and workforce awareness, education, and engagement in protecting their digital experience.” Individuals must keep advancing their “understanding and capabilities as vital participants in shaping their own – and the nation’s – cybersecurity.”
In a letter to The Washington Post, the commission’s former executive director, Kiersten Todt, wrote: “We have to stop giving each other a free pass on our personal responsibility for cybersecurity. If you have a smartphone, use a computer, use a Fitbit or connect your baby monitor to a computer, you need to know more about cybersecurity.”
To assist digital users, the commission called for a private body to develop the equivalent of a “nutritional label for technology products. Such an impartial, third-party assessment would help consumers better use cyber tools and curb large-scale harmful activity in cyberspace.
The NTT report makes one other and necessary point about the role of cyber experts in assisting computer users: “Our end goal is not to create fear, uncertainty, and doubt or to overcomplicate the current state of the threat landscape, but to make cybersecurity interesting and inclusive for anyone facing the challenges of security attacks....”