May 2017 arrived and the world experienced it’s latest cyber-attack. Starting in the United Kingdom, the malicious WannaCrypt software spread globally, blocking customers from data unless they paid a ransom with Bitcoin. These exploits were similar to exploits stolen from the National Security Agency, USA. In March, Microsoft had released a security update to address this issue and protect customers. While newer Windows systems were protected, many computers remained unsecured globally. This resulted in hospitals, home computers and governments being affected.
This is a broad example of ransom ware, which is just one out of many types of cyber attacks. To this day, customers have not become familiar with terms like zero day and phishing that are some tools used to attack individuals and infrastructure. Responding to the attack and helping those affected needs to be the most immediate priority. This opens up an opportunity for Microsoft and the industry to improve. The first to respond to attacks on the internet were the more than more than 3,500 security engineers at Microsoft, working to address cyber security threats. This included new security functionality across the entire software platform and regular updates to the Advanced Threat Protection service to detect new cyber attacks.
But as the attack indicates, there is no reason to celebrate. The attack should be assessed, lessons learnt and capabilities strengthened. Microsoft Threat Intelligence Center and Digital Crimes Unit are working together and the learning will be shared with law enforcement agencies and governments across the world.
This attack also demonstrated the degree to which cyber security has come a long way to be a shared responsibility between customers and tech-companies. It is a noted fact that many computers remained vulnerable two months after the patch was released. Cyber criminals are getting more sophisticated and customers will be unable to protect themselves unless they update their systems. No one would like to fight the war of the present times with the tools of the past. This is a reminder that IT basics like keeping customers patched with latest updates is highly important for everyone involved.
Governments of the world should treat this attack as a wake-up call. Consider the damage towards civilians that comes from hoarding these cyber-vulnerabilities. The Digital Geneva Convention was called for in February’17 to govern these current issues with a requirement for governments to report vulnerabilities to service vendors. This recent attack calls for a renewed determination and urgent collective action with the technology sector, consumers and governments working together to protect civilians from future cyber attacks.