This week’s big security story is the so-called ‘Petya’ ransomware attack. It is not the first such attack, won’t be the last, and its success will prompt cybercriminals to attack again, and again, and again. In this new threat environment, there are zero excuses for any enterprise, public or private, to be running Windows XP, or any other insecure platform.
Even the cops
Chronic underfunding and a conservative government ideologically committed to cuts mean key UK public services remain under threat of cyberattack. In recent weeks, the National Health Service saw its computing systems fail because they relied too much on unprotected Windows systems. This morning we learned that the UK’s Metropolitan Police force still uses over 18,000 computers running Windows XP. The key police force of the UK’s biggest city is therefore currently vulnerable to cyber-attack.
How can this be a good thing?
Coming from a government with a record of failure culminating most recently in the dreadful and potentially preventable Grenfell Tower tragedy, the final death toll of which remains unknown, this vulnerability is incompetent at best.
Of course, this reliance on dated kit isn’t unique to the UK government. A glance at the chaos unleashed across the IT systems of multiple big enterprises by Petya shows you this. The biggest problem seems to be the continued use of older (frequently unsupported) Windows systems by cash-strapped firms struggling to make money in a tough and uncertain economic climate. Yet, how much cash do they lose in the event of a successful ransomware attack?
Time to upgrade
We know that the PC market has been soft, slow, or slumping (pick your euphemism) in recent years. A move to mobile devices – tablets, smartphones and their far more secure iPad and iPhone alternative – has eaten away at the edge of PC industry profits.
This trend means many firms have opted to squeeze as much use out of their existing IT investments while they wait for mobile devices to truly turn PCs into “trucks”. This hasn’t quite happened yet, but that future remains close and the recent iOS 11 improvements for Apple’s iPad Pro mean many now see that tablet as a strong choice for enterprise IT.
Security, a commitment to regular software updates, privacy and Apple’s long string of enterprise-focused alliances also come into the frame here.
Your life for ransom
These days, software is everything.
When mission-critical enterprise applications go offline this isn’t just an excuse to grab a cup of coffee – these systems drive entire industries, and their collapse means companies lose time, money and reputation. (In a connected age, reputation is everything).
This goes beyond internal systems, of course – Internet of Things devices (particularly in the first-generation) are notoriously poorly-protected, giving increasingly sophisticated cybercriminals ample opportunity to penetrate deep into the heart of corporate IT using these poorly-protected endpoints. This may even put key infrastructure at risk.
What’s the alternative?
Apple and Cisco are working together to create a best in industry security proposition for enterprise users. And yes, you read that right: they are working together to ensure that if a business customer takes cybersecurity insurance and uses Apple/Cisco kit they will get a better deal than they would if their IT is built around other systems.
“We believe with every release we need to make security better and better,” said Cook. “Hackers aren’t hackers any more. It’s a sophisticated enterprise.”
Apple and Cisco both understand that in a world of highly complex cyber threats, those with the skills to create attacks have become highly paid professionals.
This means that those choosing to create attacks will get more for their money if they target less well-protected systems, like the old Windows installations that we now know for certain remain in critical positions across public and private infrastructure. Or, indeed, those poorly protected mobile devices that aren’t made by Apple.
Enterprises everywhere need to take a close look at what’s happening.
It must surely be clear to them at this point that these attacks are not going to reduce in frequency.
It is also critical they understand that their IT systems must be fit for use in the always-on, always-connected digital future. Security isn’t a ‘nice to have’, it has become a ‘must have’. Entire economies may be at risk if good security practice is not in play.
Whatever the budget seems to be, CIOs must – immediately – secure additional funding with which to replace their old and creaky unsupported Windows kit.
They can choose to deploy mobile devices where those devices can make sense. (On the grounds of security alone, I recommend Apple and help from systems integrators like JAMF, Dimension Data, IBM, Deloitte… That list will inevitably grow).
I’m in little doubt that Apple is the right solution at the right time to create a much brighter future for enterprise IT – your life does not need to be at ransom.
Do you agree? If not, why not? What does Apple need to do to extend its offer to the future of enterprise technology?