The only way to stop another WannaCry is with regulations

From Engadget - July 8, 2017

A darker possibility that could make security a priority is a massive cyberattack. While WannaCry came close, especially with its effect on the NHS, Lewis notes it really just exposed people who were slow to patch. There's the potential for attacks to be even more aggressive and put even more lives in danger. While it would be nice to see extensive regulations pushing security initiatives, it's not hard to imagine that many firms will resist any change until they are forced to deal with serious consequences.

Following the WannaCry attacks, Microsoft's legal head and president, Brad Smith, blamed the NSA and the US government for "stockpiling" the exploit behind it. That security flaw was discovered by the NSA but stolen earlier this year by hackers. And while Microsoft patched the issue once it was made aware, that did not help the millions of people running Windows XP and Windows Server 2012 who did not update. Some companies are stuck with XP because they rely on legacy software and, of course, some users just never get around to updating. XP is 16 years old, and Microsoft officially stopped supporting it in April 2014, so it's surprising they patched it at all.

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," Smith wrote. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today: nation-state action and organized criminal action."