In an age when nobody is safe from the prevalence of cybercrime, end-users need to be literate and educated in savvy IT usage.
Cybercrime is a global trend, with coordinated and planned efforts to extract information or money. International financial software Swift has recently been infiltrated by cyber criminals resulting in the theft of US$81 million.
In an age when nobody is safe from the prevalence of cybercrime, end-users need to be literate and educated in savvy IT usage. The Integrated Health Information Systems (IHiS), which manages systems across Singapore’s public healthcare sector, has seen a rise in number of ransomware attacks compromising healthcare systems. The key to victory against these hackers lie in the hands of the end-user.
As the final gatekeepers to very real threats, end-users make all the difference by being curious or cautious: They can click into a suspicious file, or send it directly to the relevant IT departments to sound the alarm.
Francis Fan, Group Director of Technology Management at IHiS, shared, “Ransomware usually comes in the form of emails with executable files attached. They may look innocent, but if you open the attached files, malware is downloaded which will encrypt files in the system. A message will then tell you that you are can’t proceed, your computer has been hacked and locked, and that you need to pay a certain sum in bitcoins to regain control of your files.”
Francis Fan, Group Director of Technology Management at IHiS
He explained further, “The hospitals and institutions are actually prepared for ransomware attacks but the weakest link is always the user. Technology can only do that much. We have all the hardware and software in place, but it takes just one user who may be instigated by curiosity to click on malicious attachments, and we would have fallen for the trap.”
Tackling cybercrime takes a two pronged approach: Robust and secure IT infrastructure, and educated and cautious end-users. As a rule of thumb, users should always update their anti-virus software (or allow it to be updated), back-up all data regularly, and scan any suspicious files they receive. Any suspicious emails should not be opened, but instead be forwarded to the IT Department.
"It takes just one user who may be instigated by curiosity to click on malicious attachments."
- Francis Fan, Group Director of Technology Management at IHiS
Malicious files can lock down a computer of a user directly, or hibernate until it has spread laterally through file sharing to more terminals. The latter presents a more serious threat, with command and control call-back to hackers’ servers in another country, threatening entire system lockdowns that can paralyse an organisation. In a healthcare institution, this can mean no access to medical records or equipment, preventing assistance to patients at the most critical moments.
“It is a cat and mouse game. Today we can block most threats, but tomorrow some new threats will appear, hence defense plan will have to be updated. You can never be 100-percent prepared,” Francis highlighted, “The worst thing to do is to assume someone else will take care of it.”