Two days after a massive cyberattack – the WannaCry ransomware attack – crippled countries across the world, tech giant Microsoft’s president and chief legal officer Brad Smith published a blog on Sunday calling for collective action from tech companies, governments and the people in order to preclude similar attacks in the future.
The attack, which prevented users from accessing their data till a ransom was paid in the form of Bitcoins (hence, belonging to the 'ransomware attack' category), initially affected the UK and Spain, and eventually spread to over 150 countries, including India.
The three lessons shared by the chief legal officer were telling, and highlighted that cyberattacks should be considered as seriously as traditional military attacks and need a comprehensive approach involving all stakeholders.
Lesson 1: Buck up, Tech Companies!
Smith outlined the various measures taken by Microsoft to make the Windows ecosystem more foolproof, calling his company "the first responders to attacks on the internet". Among the measures he highlighted were the timely rollout of updates and patches, along with strengthening the interface with customers.
But as Smith adds, much introspection and work still needs to be done by the company, and the lessons need to be shared with law enforcement agencies, governments and customers.
Microsoft's response, says Smith, can be treated as a blueprint for other tech companies to follow, and they should also work in tandem with each other.
Lesson 2: Attention Public! Update Your Systems, Follow The IT Basics
Simply put, Smith tells users not to be lazy and to promptly update their systems with the latest software and security patches in order to avoid the next WannaCry.
But here, it is also important to note that a lot of systems, especially in a country like India, use outdated Windows software, including Windows XP, which is no longer given security assistance by the company, making them more susceptible to such attacks. The company released a patch compatible with the older software only retrospectively, after the WannaCry epidemic broke out.
But Smith recognised this problem, saying:
At the same time, we have a clear understanding of... how updates can be a formidable practical challenge for many customers.
The way forward, according to him, lies in enabling rapid updates via "robust testing and analytics" and ensuring "security updates are applied immediately to all environments".
Lesson 3: A Cautious Government
With the WannaCry cyberattack being carried out by means of hacking tools developed by the US National Security Agency, Smith notes a pattern in the government actually facilitating such attacks by "stockpiling of vulnerabilities".
...this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organised criminal action.
His suggestion is for governments to start treating cyberattacks as seriously as military ones, and to develop and abide by rules exclusively pertaining to the cyber world (so that they don't end up scoring an own goal like they did in this case).
Ultimately, calling the WannaCry attack a "wake-up call", the Microsoft president emphasises the need to build an interface among the tech sector, governments and customers, as well as to approach the cyberattack menace from a global perspective, "defending every customer everywhere... regardless of their nationality".