Threat modeling is when the user thinks about who would potentially try to breach data to better protect it. It reminds me of how detectives will try to solve a case by putting themselves in the suspects’ shoes—they try to think like the suspect in order to predict what moves the suspect would make. As technology becomes more and more of an essential part of daily life, data breaches and cyberattacks are quickly jumping the list of the most likely global risk, trumped only by natural disasters and extreme weather events.
Ransome ware is malware that locks a computer to prevent the user from accessing data until a ransom is paid, typically in Bitcoin to prevent tracing. It is extremely effective since the hacker can tailor the hack to make it personalized and harder to crack, almost like creating a custom key to unlock the malware. It is often installed on a computer through tainted website links or clickable downloads. Hospitals are extremely susceptible to ransom ware due to the immediate need for up-to-date and accessible data. They cannot afford to shut down while they try to remove the ransom ware and will often give in to what the hacker wants in order to be able to access data again.
It’s important to back up your data often to prevent it from being lost, whether to a hacker or other. Also, you should never click suspicious links, and definitely do not download software that you don’t fully trust.
Hi Sophie, thanks for your response! Do you think that what we’ve seen of threat modeling has been effective? Tying it into malware, how could one effectively model a threat that is tailored specifically to your system? I feel as though hospitals should make greater efforts in this area, if it is known they are a target, but perhaps the field of threat modeling simply isn’t that advanced. Please let me know what you think!
Hello Sophia,
Thank you for your post! I really liked your analogy to how detectives try to solve cases by putting themselves in the suspect’s shoes, I never thought of it that way! It makes sense though, sometimes the most sufficient way at protecting something is to think about what could potentially harm it and prepare for those certain scenarios. I think that the image you inserted in your post was very helpful as it explained some of the practices the users use when conducting threat modeling. The one that I believe is the most important is using existing resources, as you are able to use yourselves, others around you, and any other resource available to you.
Hi Sophie,
I liked reading your post. It’s terrible to think about, but hospitals are like hitting the jackpot for hackers. Like you said, the hospital can’t put patient’s lives on hold, so they’re ultimately going to have to give the hackers what they want. As for us, there’s many things we can do to make sure we’re protecting our data, such as using longer passwords with different characters (and changing them regularly) and not clicking on suspicious links.
Hi Sophie! I enjoyed reading your post! I really liked your visual representation! I liked your analogy to detective going into a suspects shoes to know their next move. Good job!