They say that a good fairy tale will be considered as such if it has many different readings and is able to convey hundreds of different messages. Little Red Riding Hood can be read from a cyber security point of view and is therefore one of the best stories ever written. It will certainly make it easier for you to make the little ones at home aware of the risks on the net and, while you’re at it, the grown-ups can brush up on basic security notions.
Perhaps Little Red Riding Hood is already a while ago and so you don’t remember it well, so let’s refresh your memory, but without being exhaustive: Little Red Riding Hood’s mother asks the girl to go to her grandmother’s house to carry a basket of food and reminds her not to leave the road or talk to strangers; on the way a hunter warns her of the presence of a dangerous wolf; Little Red Riding Hood leaves the road to go through the woods and talks happily with the wolf, giving too many details of her errand; the wolf convinces the girl to pick flowers for the grandmother; the wolf arrives before Little Red Riding Hood, eats the grandmother and dresses up as her; Little Red Riding Hood then, although suspicious of the strange grandmother, stays with her and ends up being eaten by the wolf; finally, the hunter arrives at the house and rescues both grandmother and granddaughter, causing the wolf to run off.
What does this have to do with cyber security?
A lot! Let’s go step by step:
- Little Red Riding Hood’s mother asks the girl to go to her grandmother’s house to take a basket of food and reminds her not to leave the road or talk to strangers: when we move around the internet it is important that, like Little Red Riding Hood, we follow safe roads, meaning both the connection, always using secure and trusted networks (public WiFi can be traps to take your data); and the “path” we follow on the internet, avoiding websites and dubious sites where it is more likely to suffer an attack.
- Along the way, a hunter warns her of the presence of a dangerous wolf: it is important to keep security updates up to date. The hunter could be understood as an antivirus that is aware of the nearby presence of a malicious agent and, if it is not up to date, it cannot fulfil its preventive function.
- Little Red Riding Hood leaves the road to go through the forest and talks happily with the wolf, giving too many details of her errand: perhaps the most important part of cyber security is exposed here: it is very important to protect your information because with it they can design a thousand different attacks. Little Red Riding Hood tells the wolf where she is going, where granny’s house is, what she has in her basket… and the wolf uses it for his criminal purpose. So we should not give more information than is strictly necessary and even less if we do not know the person who is asking for it.
- The wolf convinces the girl to pick flowers for her grandmother: it is important that on the internet we do not do what a stranger asks us to do: do not click on that link or open the file sent to you by a strange sender because it is very likely that you are infecting your computer.
- The wolf arrives before Little Red Riding Hood, eats Grandma and dresses up as Grandma: as a result of the previous mistakes, the wolf perpetrates what in cyber security is called a “Man-in-the-Middle attack“: an attacker (wolf) knows that a message (in this case Little Red Riding Hood) must get from a sender (mother) to a receiver (grandma) and uses information he has collected (my name is Little Red Riding Hood and I’m bringing you a basket of food) to get there first and deceive the receiver, thus achieving a benefit (eating grandma).
- Even though Little Red Riding Hood is suspicious of this strange grandmother, she stays with her and ends up being eaten by the wolf: this point is a perfect description of a phishing attack. On the Internet it is common for a website to cross our path that, at first sight, seems authentic and trustworthy (like the wolf dressed up as granny seen from the door of the house by Little Red Riding Hood), but when we get closer and look closely we see that it has spelling mistakes, that the logo is not exactly the original and that the URL has a hyphen between words that the original website does not have (as when Little Red Riding Hood gets closer and sees those big ears, those paws and those fangs so unlike her granny). Caution on networks is essential and if something, whether it is a website or an email, looks suspicious, it is more than likely that it hides some malicious intent behind it.
- Finally, the hunter arrives at the house and rescues both grandmother and granddaughter, causing the wolf to run away: Although Little Red Riding Hood is not an example of caution and her carelessness makes her an easy prey for the wolf, the truth is that sometimes on the networks we end up being victims of some kind of attack even if we have taken all the preventive measures. In these cases, we can rely on cyber security experts, who, like the hunter who rescues grandma and Little Red Riding Hood, can act quickly to minimise the damage caused by a wolf.