Update Security Software When Notified to Avoid Becoming a Victim

Update Security Software When Notified to Avoid Becoming a Victim

Almost three years ago, on April 23, 2013, the Honolulu Star-Advertiser published the Tech View column "Aggressive, elusive hackers hold computers for ransom," written by Beau Monday who held my current position at Hawaiian Telcom. Almost three years later on May 11, 2017, educational event Hawaiian Telcom University highlighted cybersecurity issues in smart technologies and the rampant growth in ransomware, and on May 12, 2017, the largest ransomware attack hit the world's computer networks.

Over the last three years, a number of news stories and guidance have been published about the dangers of ransomware and ways to protect your information. However, the world is still susceptible. Why? After all these years, people have not fully grasped that computer maintenance is a requirement and that computer security warnings require action. Remember, software is written by humans and humans are not perfect. We will always have imperfect software and those imperfections, once discovered, will be exploited by hackers.

Computers are Not Toasters.

A toaster either works or doesn't work and we maintain them at our convenience. Consumers have similar expectations with computing devices and vendors have accommodated. Security issues are displayed as alerts and warnings that ask whether you want to take action immediately or when it’s convenient. How many of us ignore these notifications because they are interrupting our online shopping or web browsing?

In 2002, then CEO of Microsoft Bill Gates announced the launch of its Trustworthy Computing initiative to improve the overall security of its operating systems, which culminated with the release of Windows Vista in 2007. This version of Windows was applauded by security experts for its enhanced security features but criticized by end-users for its experience, which frequently interrupted users to address security issues. Since then, operating systems vendors like Microsoft and Apple have made security updates more convenient to end-users. However, this means the software will work but will be vulnerable to attacks until you apply the security patches, and unlike a toaster, your laptop and smartphone need proactive security maintenance.

The Problem ... Toasters are Becoming Computers.

Security professionals are wary of IoT (Internet of Things) and the security implications of software-enabling every single thing. Based on last week's ransomware attack, it’s very clear that end-users have yet to adopt a culture where software maintenance is routinely conducted on our primary computing devices. The combination of a historically passive culture, inherently imperfect software and its proliferation on hundreds of millions more devices that manage our lives conjures up disaster scenarios of epic proportions.

In all other aspects of technology, companies are upgrading their capabilities to address the growing usage of IoT. For example, Hawaiian Telcom is increasing Hawaii's bandwidth with its partnership in the new SEA-US Trans-pacific cable, wireless providers are preparing to deploy 5G cellular systems, networks are rapidly upgrading to use the next-generation IP address numbering system, IPv6, to accommodate the millions of new devices coming online and many other technological shifts. However, the one area that comparatively lags behind is software security.

Recognizing this, in January of 2017 the Federal Communications Commission (FCC) issued a challenge to the public "...to create an innovative tool that will help protect consumers from security vulnerabilities in the software of home devices connected to the Internet of Things." In its announcement, the FCC stated, "[t]he Internet of Things, an array of billions of everyday objects sending and receiving data over the internet, is expanding rapidly with the adoption of applications such as health and fitness monitors, home security devices, connected cars and household appliances. It holds many potential benefits for consumers, but also raises numerous privacy and security concerns that could undermine consumer confidence." Winners of this challenge will be announced in July. Hopefully, this will lead to the software security improvements necessary to keep our information, homes, cars, toasters and all other IoTs secure.

In the Meantime ...Treat your Computer or Smartphone like Your Car.

Cars have many warning lights and indicators. One alert that most people dread in a gasoline-powered car is the "check engine light." When that light is on, I get nervous because it’s likely that a major repair is around the corner. Some live life on the edge and keep driving with that light on until the car stops running (I try not to ride with them). Most people take their cars in to get checked right away. That’s how we should treat our computing devices. Don't ignore notifications from your computer or smartphone to update its software. Apply the updates soon after being notified. Otherwise, you could be looking at a very big bill from your repair shop or, even worse, a large ransom demand from the hacker holding your data hostage.

Michael Miranda, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) and is a Systems and Network Auditor (GSNA), a Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at michael.miranda@hawaiiantel.com.

© Honolulu Star-Advertiser

Visit this article in the Star-Advertiser