And the thorny problem of cyber breach etiquette
Google has disclosed the existence of a “zero day vulnerability” in Microsoft Windows software – meaning there’s a hole in software that can be exploited by hackers. Google notified Microsoft of the vulnerability on Oct. 21, and then disclosed it publicly yesterday – much to Microsoft’s annoyance. “We believe in coordinated vulnerability disclosure,” the Seattle company responded. “Today’s disclosure could put customers at potential risk.” There is not yet a fix to the problem.
The spat highlights a bigger issue facing business. With cyber attacks on the rise, there is still stunningly little agreement or established protocol on how companies and government agencies should respond to such attacks.
I recently moderated an off-the-record session on the topic, where CEOs of some of the nation’s largest companies stood up and told tales of massive cyber breaches. The one point on which they agreed was this: such incursions can’t be prevented. But there was disagreement on what to disclose, when to disclose it, and how closely to work with government agencies.
This year’s election has further highlighted the problem. While emails found on Anthony Weiner’s computer are generating headlines in the final days of the campaign, it’s the hacked emails released by WikiLeaks that should be the real cause for concern. Whoever wins the election is going to have to deal with the fact that cyberattacks have become one of the top threats facing the nation, and business and government need new protocols for how to respond.