Aardvark DailyNew Zealand's longest-running online daily news and commentary publication, now in its 23rd year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.
Content copyright © 1995 - 2017 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk
Please visit the sponsor!
Recently the NoPetya attack crippled computer systems around the world.
It wasn't just poorly administered home computers that were hit, it was some of the world's biggest and, one would think, most stringently operated computer networks that went down.
For those who have been living in a cave of late, the NoPetya attack involved a piece of malware that encrypted a computer's files and then demanded a ransom for their decryption. Payment was requested by way of Bitcoin so as to preserve the anonymity of the attackers.
Many private, commercial and government systems around the world fell victim to this attack and those without proper disaster management strategies were badly affected.
The BBC today published a story about one of the worst hit companies, TNT.
The BBC piece shows just how much of a spanner this attack threw into the daily operations of one of the world's largest courier companies.
It is not a pretty picture for the company or its customers.
Even now, some time after the attack, the company is still feeling the after-effects and claims that it is unlikely all the lost data will be recovered.
Where are their backups?
Where are their disaster-management strategies?
Where were the procedures designed to protect their essential IT systems from such malware?
Why were their IT people so asleep at the wheel?
I would certainly hope that TNT spend a lot of time in postmortem, analysing what went wrong and how a repeat of this situation could be avoided in future. I would also hope that other companies and organisations also take note of the way that this simple attack so badly disrupted the company's operations for so long.
Fortunately for TNT, they are owned by FedEx, which means that they're unlikely to go under as a result of the lost business and reputation this attack has produced -- but a smaller company could well have been sent to the wall by such a lack of preparedness.
Following on from yesterday's column... how would this company have coped in the event of a large CME which might also take out their IT systems?
I am amazed that so many very large companies appear to have done so little to protect themselves from the inevitability of disaster.
We need only look at the way other worms and viruses have spread through mission-critical systems to see that perhaps its time there was a major overhaul in the design of the Net and the increasing reliance placed on it by commerce and government.
Is the Net becoming just too unsafe for such things as critical infrastructure management?
Should a parallel network, available only to authorised/certified parties, be built for the purpose of such sensitive systems?
Will we reach the point where sometime (in the not too distant future), all code will have to be digitally signed by a recognised certification authority before it can be run on a Net-connected computer?
Please visit the sponsor!
Have your say in the Aardvark Forums.