‘Ye living men, come view the ground where you must shortly lie’

May 14, 2017

 Hark from the tomb a doleful sound, mine ears attend the cry

‘Ye living men, come view the ground where you must shortly
lie’.

Those words (Snake Island, Isaac Watts, 1709) are the opening
lines from a song the Lingmara choir performed last week – I was at fourth bass.
The lines came to mind as I read more and more reports on the recent ransomware
attacks. Cyberattacks are, it seems to me, a lot like death – we all know it is
going to happen to us but we spend most of our time carefully avoiding
confronting the fact, bar the odd life insurance policy and (for a minority) a
will.

Once the warm glow of not running Windows XP has passed, the
reality dawns that no organisation of any substantial size is safe from attack.
Which organisation can guarantee that not one of its employees would ever click
on a link or download from a strange email? Recognising that and the limitless
folly of humanity (including the folly of those with admin passwords), even those
with great IT security resources might muse on the lines from Isaac Watts that
follow his cheerful opening:

Princes, this clay must be your bed, in spite of all your
towers

The tall, the wise, the reverend head must lie as low as
ours.

I suspect that Isaac Watts would have prescribed a
combination of prayer and acceptance; I think he rather liked doom and gloom. But
I’d like to fast-forward a couple of poetic centuries and advocate a bit of constructive
raging against the dying of the light.

Law firm IT directors and those with security
responsibilities will never have a better opportunity to upgrade their budget
and equipment. It is not an opportunity to be missed and it is a brave person
that refuses them at the moment. Patch and upgrade – obviously – but be wary of
the snake oil salesmen who will see this as their perfect opportunity to sell
irrelevant extras. A lot of any extra money should go on staff training because
that will always be a weak link – the wetware is the contributory cause of most
security problems, probably including this latest one. (And beware an avalanche
of unsophisticated phishing attacks on the back of Wannacry.) Follow the National
Cyber Security Centre guidance
on Wannacry and the broader guidance
on protecting against ransomware
. Back up, and back up again, and consider
the efficacy of a remote back up – and retain back-ups for ages (as some
nasties have delayed triggers – almost a year in some cases). If you are cursed
with old operating systems, consider locking the core of the machines down so
no external program is allowed to launch or modify the settings. You might also
review who has access to what – limiting access within communities can be good
data protection policy but also has the effect of limiting damage.

The closing lines of Snake Island might suggest that Isaac
Watts was many centuries ahead of his time:

Great God, is this our certain doom and are we still secure

Still marching downward to the tomb and yet prepared no
more?

While attack is certain, doom and this particular tomb are
optional. Be prepared. And maybe pray a little.