Microsoft Windows Outage A Wake-up Call Of The Risks Our Globalized Society Faces, Says Shrisha Rao

Prof. Rao said that the recent outage is an example of what happens when caution is not exercised. A significant network outage occurring on July 19th and linked to CrowdStrike crippled Microsoft-based services, causing widespread disruptions that are only now being slowly resolved. Ironically, the CrowdStrike technology, which is designed to provide security, has itself introduced a significant vulnerability into the system.  

In an interview with Lokmat Representative Dr. Anubha Jain, Prof. Shrisha Rao talked in detail about the recent Microsoft Outage. He said that while this event is not said to be connected to cyber warfare or criminal activity, its impact is profound, not only in terms of huge financial losses in the millions but also possibly causing significant harm to many affected individuals.  As reliance on digital platforms and cloud services grows, so does our exposure to potential outages and cyberattacks. It highlights the urgent need for robust cybersecurity measures and contingency plans to mitigate such risks and ensure resilience in our digital infrastructure.

Prof. Rao said, "Greater connectedness through advancements in communications, networking, and cloud computing has revolutionized our lives, making everyday tasks more convenient. We can easily communicate with anyone, anywhere, and access information and services instantaneously. Remote work, online shopping, and digital entertainment have become the norm, increasing efficiency and convenience. However, this interconnectedness has also introduced new vulnerabilities.

Outages in cloud services or network disruptions can paralyze businesses and individuals alike, leading to significant economic losses and inconvenience. Additionally, the reliance on digital platforms has created new opportunities for hackers and criminals. Cyberattacks, data breaches, and ransomware have become more prevalent, posing significant threats to personal and organizational security. As we continue to embrace these technologies, it is crucial to invest in robust cybersecurity measures and develop strategies to mitigate the risks associated with increased digital dependency.

Online security threats come from various actors, each with different levels of sophistication and motivation. At the lowest level are small-time criminals who primarily target individuals for financial gain. These attackers typically use basic techniques like brute-force attacks, dictionary attacks, and simple phishing. Their technical capabilities are limited, and basic security measures are often sufficient to deter them.

More advanced are black-hat hackers and organized crime groups. These criminals operate on a larger scale, targeting both individuals and organizations. They employ more sophisticated methods such as advanced phishing attacks, social engineering tactics, and exploitation of known vulnerabilities in systems or software. The data they steal may be sold on the dark web to other criminals.

The most formidable threat actors are state-sponsored entities. These groups have vast resources at their disposal, including advanced technology, significant computing power, and substantial funding. Their attacks can range from espionage and sabotage to full-scale cyber warfare. They often target critical infrastructure, government agencies, corporations, and individuals of strategic interest. State actors may use highly sophisticated techniques like zero-day exploits, advanced persistent threats (APTs), and custom-developed malware.

All individuals must understand the importance of cybersecurity. Personal data compromised today can be leveraged for future surveillance or manipulation. Compromised accounts can jeopardize the privacy and safety of people and they can also serve as entry points into broader institutional and national systems, potentially affecting the security of entire organizations or even countries.

State actors possess particularly advanced capabilities in password cracking and data analysis. They have access to vast computing resources and sophisticated algorithms, making shorter passwords ineffective. They may also have access to personal information gleaned from various sources, including social media and leaked data. This means that using any personal information in passwords (such as pet names, hometowns, or favorite things) is risky.  It's also important to note that state actors likely have access to an enormous corpus of text in multiple languages. This means that using phrases from published works, even in less common languages, is not a secure password strategy.

To protect against these threats, it's recommended to use strong, unique passwords. Regular software updates and cautious online interactions are also crucial. Being aware of and guarding against sophisticated phishing and social engineering tactics is essential."

In the end, he said that cybersecurity is not just a personal concern but a collective responsibility with far-reaching implications for individuals, institutions, and nations. As the digital landscape evolves, staying informed and practicing good cybersecurity hygiene becomes increasingly important for everyone.