Microsoft responds to cyber attacks on its computers
Two days after the malicious “WannaCrypt” software attacked more than 200,000 Windows computers throughout the world, Microsoft President and Chief Legal Officer Brad Smith wrote on behalf of the company and responded to the cyber attack by calling for action from the tech industry, the government, and users.
“Clearly, responding to this attack and helping those affected needs to be our most immediate priority,” Smith wrote. “We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident.”
Smith believes that from this attack there are three areas for improvement that can help stop another global cyber attack.
1. Microsoft needs to be responsible for addressing attacks
When cybercriminals stole the NSA’s information about the vulnerability of Windows computers, Microsoft acted fast to release a security update to patch this attack and protect its customers. The day the attack happened, Microsoft also released a Windows Defender update that could detect whether the malicious software was on your computer or not.
“But as this attack demonstrates, there is no cause for celebration,” Smith wrote. “We’ll assess this attack, ask what lessons can we learn, and apply these to strengthen our capabilities.”
2. Users and tech companies need to work together
Even though Microsoft sent out an update to protect its users, some people still didn’t update their computers for various reasons. Cybercriminals are becoming more sophisticated, and if users don’t update their software, then they’re fighting today’s threats with yesterday’s tools.
To truly avoid cybercriminals, you need to update more than your software. Exploring vendor risk management and identity verification security solutions is pivotal to any business that wants to avoid being affected by a global cyber attack
3. Government’s stockpiling system vulnerabilities is a problem
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” Smith wrote.
Smith compares this cyber vulnerability leak to, “The U.S. Military having some of its Tomahawk missiles stolen.” Microsoft wants government to use this attack as a wake up call. They also want a new Digital Geneva Convention that requires governments to report vulnerabilities to vendors, rather than stockpile the information for themselves.
The NSA’s information being stolen also raises an important point of how secure their data is. Outdated security can potentially mean that anyone with a fake badge can walk into a secure building if that enterprise doesn’t use identity verification or fingerprinting services to secure its business.
When a cyber attack becomes global, it’s hard to pinpoint just one party responsible for the blame. Microsoft is willing to take its share of responsibility, but it also wants others to do the same.
“We need the tech sector, customers, and government to work together to protect against cybersecurity attacks.”