Ransomware is the best problem infosec has had in decades

10 Jul 2017

Tarah Wheeler on stage at Inspirefest 2017. Image: Conor McCabe Photography

Ransomware attacks may be hitting the headlines a lot lately, but did you know that they might actually be a good thing in the long term?

With constant ransomware attacks such as WannaCry and Petya making the headlines both here in Ireland and abroad, the information security (infosec) sector has never been in the public eye quite so much.

In this vein, people have come to fear ransomware more than ever before, picturing it as an evil entity ready to infect our computers, our phones and our software at any given moment.

However, website security czar Tarah Wheeler believes that ransomware is the best problem infosec has had in decades.

“Information security just got a lot more real, didn’t it?” she said at Inspirefest 2017. “So much devastation wrought by those cyberattacks. Well, let’s talk about what that kind of attack means.”

Ransomware can’t be hidden

“Let me start off by warning you, I’m a dirty, dirty hacker,” quipped Wheeler at the beginning of her talk.

“I break things for fun. I do it for myself, for my family, for my community and for Symantec upon occasion.”

Wheeler explored the differences between data breaches and ransomware, and why the latter is a much better problem to have.

“Companies can hide data breaches but ransomware can’t be hidden.” She said when it comes to entering sensitive information online, we can often be left wondering if our data has been compromised.

“You may not be sure with a data breach. And, believe me, 60pc of companies last year in the US experienced data breaches, but how many of them informed you of that?”

However, with a ransomware attack, we are left in no doubt. This awareness among consumers will then force companies to be more transparent about their data breaches.

“Knowing is always, always better than not knowing.”

Wheeler also pointed out that the debate about ransomware versus data breaches is akin to having someone take your phone and smash it on the ground versus having someone lock you out and gain access to it themselves.

“I know I would definitely choose having my phone break over having a release of the kind of personal and private information and some of the pictures I’m certainly hoping will be on my phone after my honeymoon,” she laughed.

Solving problems in a new way

Wheeler also talked about the infosec community. “The people that created the solutions and brought about the amelioration of the major ransomware attacks that have occurred over the last two to three months, they weren’t sitting in a boardroom. They were sitting in coffee shops and basements.”

Wheeler said she and her friends solve these cybersecurity problems every day because they are willing to collaborate. “We’ve become an army of people dedicated to the good,” she said.

She also discussed the importance of human rights to privacy and said that anyone that wants to can become part of the solution.

“New minds are the ones that solve problems in information security,” she said. “We can’t use the same solutions to fix old problems. We need people who aren’t mindless drones.

“Hackers are not the devil. They’re not evil … they’re just people.”

For anyone interested in entering the infosec sector, Wheeler said cybersecurity is not an impenetrable world.

“Please consider a career in information security and cybersecurity,” she said. “Information security is a profound blessing and a curse every day to be part of, and I think if you want to be part of that, I would welcome you to it.”

Jenny Darmody is the editor of Silicon Republic

editorial@siliconrepublic.com