By Gabriella Alexander, Senior Experience Planner at Ogilvy UK

 

I was lucky enough to find myself at this year’s New Scientist Live event, held in London’s ExCel exhibition hall. Enlightenment was plentiful across the Engineering, Tech, Human, Earth and Cosmos stages, but the talks I found most captivating were about email-facilitated ransomware worms and, believe me, tech is not my usual topic of choice.

Here, then, is a short distillation of what I learned about the world’s most destructive cyber-heist to date, and how we, as marketers, can do our bit to help prevent the next big cyber-crime.

How it all started

A decade ago, cyber security was as niche a topic as social media. We had a couple of stones thrown in the pond by a few super hacks but nothing more than a few hours of inconvenience, a little corporate embarrassment and a handful of ‘reputation management’ consultants explaining why it was an anomaly.

Then, in 2017, a bite-sized bit of dynamite prodigal code called Eternal Blue,  escaped from the US government secret service. And a perfect chain reaction of human complacency, corruption, malware and greed was born, in the form of ‘Wannacry’. An apt label for one of the deadliest global cyber threats to date.

In May 2017 Wannacry brought the already-creaking British NHS to its knees, as well as many businesses, infrastructures and lives across the globe.

Map of Countries initially affected by Wannacry attack

And all because a Microsoft patch, the conscientiously constructed vaccine for the virus, distributed two months before, wasn’t used.

Turned off by tech jargon

In my content strategist/digital experience planner mind I, perhaps naively, wonder whether the email alert probably read something like:

‘Download the xxxx update blab update blaaa operating system Microsoft to avoid serious computer blab la bla.’

If so, it would have been harder to ignore and more (marketing term alert) engaging and usable to the time-starved, super-stressed NHS employees if it had, say, some arresting red buttons and maybe even an eye-catchingly macabre image of graves – showing the human cost of not upgrading a hospital’s security system. 

Armageddon at the click of a mouse

Which brings me to one of the overwhelming conclusions from my days at 2018’s New Scientist Live: that the fundamental question of the next decade, if we are to be fit and well enough to find alien life, de-bug our DNA, and save the planet is:

‘Should I or should I not open this email’?

I find my mouse twitching cautiously about my inbox, worrying when the trap will snap because, as all the experts warn, it’s not a question of if but when…

What the brilliant talks of cyber security gurus and savants Mike Richards and Joseph Rooke brought home is that a single unassuming employee, or even an enterprising toddler, could open an email and inadvertently trigger an IoT (Internet of Things) collapse, or worse.

So what can we do?

Some traps will be invisible and nigh-on undetectable, for example, an email that looks just like emails you safely open every day, or a call from a loved one asking for a favour that sounds precisely like your own sister and even uses her turns of phrase, references things and people in her life that surely only she could know, as discussed by Trevor Cox in his Computers and Speech talk.

Other traps, the clumsy ones, the broken ones, the broken English ones, will be easier to detect and we must e.g. An urgent message you haven’t seen before, in bad English. If in doubt – don’t open and ask the IT gods for help.

And so, given that you’re now on razor sharp alert for fishy emails (and voice messages), the next thing to do, be you an individual or a business, is to download (and get your friends, families and colleagues to download) every possible IT update known to man or robot. And keep updating at the first opportunity, no matter how busy you are or how sick you are of IT updates. Or else you may suddenly find yourself with plenty of time for contemplation.

Here’s a simple, highly readable article about what you, either as an individual or a business, can do.

Or go to the Microsoft site’s Wannacry page, if you want a text-book lesson in dense, hard to read, difficult to action content. Then find an agency like Ogilvy UK if you want some specialist content advice.

Finally, here’s a sobering and as yet incomplete Wannacry timeline (courtesy of Zscaler ) complete with attention-grabbing design and UX (courtesy of Ogilvy).

Let’s be careful out there.