Why changing priorities and straying from the beaten path could help reduce the risk of cyber-attack…

I am sure that you’ve noticed that the NHS (along with a large number of other worldwide organisations such as Deutsche Bahn, Telefonica and FedEx) has been hit by a targeted cyber-attack that disabled computers using the Windows XP operating system. The attack encrypted a user’s files, making them inaccessible unless a ‘ransom’ was paid to the attackers. People have pointed the finger at out-of-date operating systems, lack of funding and poor security procedures, but are these really the underlying issues, or only failures in diagnosing a more fundamental malady in global computing?
Let’s look at an analogy. Farmers tend to plant just one crop in a field as this can be efficiently prepared and harvested by large machines. Their focus is efficiency. But, this leads to problems if a plant becomes infected by disease. As each plant is in close proximity to an identical neighbour, the disease can spread quickly and affect the whole field. However, if the farmer changed their priority from efficiency to disease control and planted crops in smaller areas separated by different crops, any infection would find it harder to spread. One patch may become infected but the spacing between patches may limit the spread of infection.
So how does this apply to computers?
Cyber criminals also commonly focus on efficiency. They will target the most common operating systems to yield the greatest income, or inflict the most damage. As Microsoft Windows is the most popular desktop computer operating system, with around a 90% market share, it attracts the most attention from criminals. This creates two problems:
1. There will be more malware for Windows users to avoid.
2. Such malware is likely to spread faster as the density of Windows systems is the greatest (just like the large field of identical crops).
So how can we ensure our computer ‘crop’ does not get wiped out by one infection? Can we find a crop that’s less likely to be infected? How can we help slow down the spread of infection?
Linux is a popular open source operating system for internet servers, but is rarely found as a desktop operating system (around 2% globally use it on the desktop). As such, while there is malware aimed at Linux systems, it again follows the crowd, and is aimed at servers. So, if a business were to change their priority from ‘we must run Windows on the desktop because everyone else does’ to ‘we must be more secure’ and adopt Linux, they would face fewer threats and have less chance of infection as the Linux crop is spread few and far.
Sounds good, so what are the downsides? Well, as always, there are some, but that’s a story for another day!
If you can’t wait that long and want to know more, why not explore your open source options with the School of Computing and Digital Technology? We are researching the potential of open source software and are looking for business users to help with this research.
Please get in touch if you are interested in finding out how this can help your organisation.