2017 cyberattack victims calling on industry for action, Microsoft president says
WannaCry in 2017 was the largest global cyberattack and the first time malware "affected so many places simultaneously," said Microsoft president Brad Smith in an interview with Axios. Yet there are still distinct shortcomings in cybersecurity practices. Smith said victims of 2017's cyberattacks are calling "on all of us to use 2018 as a year to respond."
The tech industry has a "fundamental role" in protecting the public from cyberthreats, according to Smith. To do this, Silicon Valley companies need to find a collaborative solution not only with each other but with government entities. Tech companies have an inherent responsibility to protect the public because they are responsible for creating the very platforms malicious actors use as vehicles for attacks.
Cyberthreats and attempted attacks occur daily. For example, on Tuesday, Microsoft's Windows Defender AV successfully blocked "more than 80,000 instances" of Dofoil trojan variants "that exhibited advanced cross-process injection techniques," persistence and evasion features, according to a company announcement. About 73% of the intrusions were in Russia while 18% were in Ukraine.
When it comes to cyberattacks, the world seems to keep sleeping through obvious wake-up calls like WannaCry. Attacks from nation-state actors are increasing, and the White House officially attributed WannaCry to North Korea in December.
At the time of the May attack, the Department of Homeland Security called upon its "domestic-industry partnership" to work with ISPs, federal IT departments and industry to address the threat.
The White House later revealed that Microsoft and Facebook were among those in the industry that took action to weaken and disable cyberattacks from North Korea.
Facebook's CISO Alex Stamos has previously stated that the social network has yet to catch up with its security responsibility. Facebook has faced widespread criticism for its actions, or lack thereof, during the 2016 election.
To bridge the gap between Silicon Valley-based talent and the lack of cybersecurity talent in the federal space, Rep. Will Hurd, R-TX, wants to consider an employee lending program for "10 days a quarter" where employees in the private sector are essentially loaned to the federal government to bring fresh perspective to modernization. This way the private sector maintains its workforce while the federal government can increase its cyber development.
In the meantime, Microsoft executives have called for a Digital Geneva Convention for tech companies to serve as "medics in cyberspace." The convention could aid in unifying international law for cyber warfare.
At some point, major tech companies will value the strength of their business in proportion to the cybersecurity of their customers.
Follow Samantha Ann Schwartz on Twitter