The short answer is a hard "no", but in this post I'll explain why, and why there are nuances.
I've talked about WannaCry in previous posts and come May this year, that event will reach seven years old. I also talked about how that attack wasn't an original of the species, although its impact at the time was pretty profound. What it did achieve though was a material change in the cyber landscape, where attacks of this nature became 'cool' and the 'go to' for criminal gangs, many of which are supported by the home nations of the bad guys, or at least let loose on the world with a blind eye turned, providing a tribute is paid into the relevant exchequer.
So, seven years... What's changed?
Well, nothing much really. We're still getting the same things wrong, or simply not doing the right things to begin with. Examples include - running out of date 'stuff', not securing user accounts across the organisation, keeping people in the dark when it comes to risk, whether that be frontline staff or people on the Board. These are examples, but the list isn't exhaustive.
The point being that they are basics that all organisations can and should get right, in order to avoid that really bad day.
So, is there anything different about 2024?
Yes, there is - global politics and conflict. Now, these things aren't new, but this year will be busier than usual. Let me explain...
In 2016 there were two quite notable world events - the UK's decision to leave the European Union and the election of President Donald Trump as the 45th leader of the United States. Both of these were beset by infiltration and would-be manipulation, both by the political actors in play, the media (mainstream and social) and also overseas actors that were keen to see outcomes that flattered their own internal and foreign agendas. This has now become the new normal and will be a feature again in 2024, and beyond.
This year, we're back in the game - the UK and US both face leadership campaigns and you can bet you last dollar that everyone with any kind of interest in the outcomes will be in the vanguard of disruption, to try and get the result they want. It's almost like local politics no longer matters, as the geo-politics emerge as the greater power.
We should also note that in addition to the ongoing local skirmishes that exist worldwide, be still see a major conflict continue in Ukraine, while more recently war has erupted between the Israelis and the Palestinians. These "special military operations" (as quoted by Putin) are rarely over within a few days and as we now see and have seen throughout history, develop into wars of attrition that rarely end amicably and in every example end with significant loss of life, wellbeing and so on.
So, it's not all political, except it is and of course the crime that underpins it.
How does this affect me?
It's important to remember that when there's a 'thing' going on in the world, there's invariably a corresponding hustle. If we look back again at 2016, there was clear interference in both the Brexit and Trump situations and there's plenty of evidence out there in support of that. Foreign and domestic actors will both be very busy during the run ins to these things, be that through misinformation / disinformation activities (using social media platforms we all use), or just through plain old email phishing.
We've seen it all before many times. "Click here to declare your allegiance" to one political flag or the other, "Be appalled by this policy and click here to declare it!" and so on. In 2016 it became far more mechanical and precise, when Cambridge Analytica used the Facebook platform to harvest political leanings from people in the UK, which then were found to influence both the Brexit and Trump campaigns. There was also evidence of Russia having a heavy hand in this. Again, the truth is out there. Brexit happened, Trump got his chair in the Oval Office, the far-right got what they wanted and here we now are.
All because of the link between technology and humans. Or vice versa. Technology isn't cognitively fallible. It takes its instructions from humans, who are cognitively fallible.
Anyway, philosophy dispensed with, what can we do? Be aware is really the best advice. And by being aware, I don't mean just by fact checking everything you read in the news (this is good advice on its own), but by also seeking out and applying the relevant controls that apply to you personally, and also your organisation. And of course the threats and where those controls mitigate against them.
Like I said, there's a hustle for everything going on in the world and it's always been the case. Whether it's conflict, politics or indeed crises such as we saw during COVID, there's always a crook out there trying to capitalise. And the crooks aren't always running around with swag bags and stockings on their heads. Some wear suits and smile at you on TV.
Social engineering goes back to very first time in history someone manipulated someone else to get something they wanted. These days it's cash, likes and votes.
A little bit of savvy, with a little bit of support can help you avoid falling into the trap of world changing events. It's as real as that.
For more information about how Octopi can assist you at any time around your cybersecurity posture, drop us a line using the form below.
Thanks for reading.