We must protect our old infrastructure to make sure that we keep the number of gaps in our digital world to a minimum.
It is now becoming increasingly obvious that hackers find old infrastructure to be easy pickings when it comes to attacking the most critical parts of our society.
We, as journalists, tend to be attracted to the newest stories of ransomware at its finest, its most sophisticated, its most evil. Even everyday conversations are likely to include a story of someone who knows someone whose company was held to ransom and how they responded. Some stories are horrific; some companies never got all their data back.
Some went bust.
Behind all that are stories of the old infrastructure that is easy to attack, yet critical to our real lives. The Colonial Pipeline story is the most obvious one, but there are others.
Sophos, the ‘next generation’ security company, describes one such attack, whereby hackers breached an 11-year-old internet-facing server running Adobe software ‘in minutes’. Then, in what is becoming a profile of the new-look hacker, they waited for 79 hours before striking the ransomware blow. They extracted the data and posted a ransom note saying they were ready to spread the data far and wide, unless ‘we can make a good deal’.
Ransomware is a difficult issue. Those who have not been affected and yet hold senior positions of what we used to call power will say ‘never give in to ransom’.
But what would you do?
Bad guys have your information, your customer data or your business plans and are about to share them with anyone who cares. Your business is, literally, on the line.
It is a tough choice.
The Sophos story and the Colonial Pipeline story show us that it is not the ‘spy story’ hacks that we should be most worried about, but the old infrastructure that creaks away, yet still somehow supports our society.
The American Government and the people who are apparently in charge reacted by throwing money at the problem and, for a change, they were right.
Governments around the world must take an urgent look at their utility companies, in the widest possible terms, and throw money at a problem which, at the moment, is making hackers everywhere lick their lips in anticipation.