In the wake of the devastating WannaCry cyber attack, Microsoft has urged global government agencies, particularly the National Security Agency (NSA), to assume greater responsibility in their role to deter such attacks in the future. This comes despite the fact that the initial vulnerability was a shortfall within Microsoft’s own operating system, a flaw which has since been addressed in a March update. Microsoft’s President and Chief Legal Officer, Brad Smith, expressed the company’s stance on the matter.
“The WannaCrypt exploits that were employed in the attack were derived from the trove of exploits pilfered from the NSA in the United States. The heist was publicly reported on earlier this year… This incident serves as yet another grave reminder of why exploit stockpiling in the hands of governments is a major issue. An alarming trend is emerging in 2017. We have already witnessed vulnerabilities stored by the CIA making their way onto WikiLeaks, and now a weakness stolen from the NSA has created a global ripple of disruption. Incessantly, exploits held by governments have found their way into the public sphere and caused extensive damage. A parallel scenario in the context of conventional weaponry would be equivalent to the theft of US military’s Tomahawk missiles. This recent attack forms an unintended yet disconcerting correlation between the two most significant forms of cybersecurity threats that we face today – nation-state actions and organized criminal activities.
Nations around the globe must consider this attack as a glaring alarm bell. A shift in approach is required; the cyber realm must adhere to the same principles applied to weaponry in the physical world. Governments must fully comprehend the collateral damage inflicted on civilians resulting from the hoarding of these vulnerabilities and the subsequent use of these exploits.”
Reports suggest that government agencies like the CIA and the NSA are often aware of these vulnerabilities but fail to notify tech companies, creating an exploit window for cybercriminals. I concur with Microsoft’s perspective on this issue. Although the ravages of the WannaCry attack may have subsided, future cybersecurity landscape may not prove to be as forgiving.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
