When the pundits first said “Every company is a tech company,” it sounded like buzzword blather—until people realized it’s true. These days, companies in any industry—from media to retail—must make technology a core competency if they want to succeed.
And now the same is becoming true of cyber security. Once, it was only a handful of industries such as banking or technology that needed to make security a fundamental part of what they do. Today, everyone else does too. Do you doubt it? Just look at the terrible ransomware attacks that crippled hospitals and major companies like FedEx across the world on Friday—attacks that probably could have been prevented if they had updated their Windows software.
Being good at cyber security may not give a company a competitive edge in the market, but it will prevent security catastrophes, which is just as important. The question is how to achieve this.
People like Oren Falkowitz, the CEO of anti-phishing service Area 1, insist that technology provides the best route to cyber safety, arguing it’s impractical to train everyone in an organization to be good at security. Meanwhile, companies like Cloudflare are proposing industry wide approaches—like an initiative to create VPN-style protection for the Internet of Things—to make connected devices less dangerous.
These are fine approaches, but I can’t shake the impression that corporate culture must be part of the mix too. I recall how it was once okay for those of us in the media to ignore new technology (“why do I need that? I’m a writer!”), but now the industry treats tech literacy as a core part of a journalist’s job.
I get the feeling the same thing will happen when it comes to cyber security. So many cyber disasters are based on exploiting people’s lack of knowledge about elementary ideas like software updates or email attachments. Successful companies of the future may be those in which everyone in the organization has a basic level of cyber literacy.
Sure, that’s easier said than done. But at this point, companies and organizations have no choice.
Thanks as always for reading and have a great weekend. Oh, and if you pass through New York City this month, Robert and I will be hosting panels at the Ethereal Summit about blockchain, on May 19, and the Cyber Investing Summit on May 23. Come say hello!
Jeff John Roberts
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
The “Big One” hits. The ransomware known as WannaCry is still rampaging across the world. The vulnerability, which was developed by the NSA and leaked weeks ago by the Shadow Brokers, can run in 27 languages: “WannaCry could continue to expand its range indefinitely, because it exploits at least one vulnerability that has persisted unprotected on many systems two months after Microsoft released a patch” (Wired)
An “Accidental Hero” slows the damage: A UK researcher found and activated a kill switch in the ransomware software, slowing its spread. He did it by registering an obscure domain name. This worked because the ransomware was built to ping the domain and, in the event the domain, to stop spreading. (Guardian)
So long Pa$$word1! New guidelines from federal agency NIST say long-standing (and annoying) password rules—such as requiring special characters and regular changes—are ineffective. NIST proposes new approaches, including creating blacklists for common or easy-to-guess passwords. (Fortune)
Can we trust Kaspersky? In light of growing aggression from Russia, U.S. officials are warning it may be time to turn away from Kaspersky Lab. The Moscow-based company cyber security products are widely used and respected, but now there are fears Kaspersky’s powerful market position could be a vehicle for snooping or sabotage. (ABC News)
Share today’s Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
Companies in developing countries lack easy access to secure payment systems but, as a new venture from Stripe-backed Stellar shows, blockchain is emerging as a “solution.”
McCaleb also said the developing world is fertile ground for adoption of blockchain networks, predicting it will be a “leapfrog technology” that allows users to skip implementing Western-style money transfer systems, and move straight to blockchain. Read more on Fortune.
Microsoft CEO Invokes Orwell and Huxley at developer keynote by Jonathan Vanian
CloudFlare Declares War on Patent Troll with $50,000 bounty by Jeff John Roberts
FCC Buried by Fake and Hate-Filled Spam Comments on Net Neutrality by Jeff John Roberts
Snowden Says Use Cloud Services at your Peril by Barb Darrow
Microsoft Scrambles to Fix ‘Crazy Bad’ Bug by Kate Samuelson
ONE MORE THING
How to handle Russian hackers. Well played, Monsieur Macron. The campaign of France’s new President anticipated Russia would meddle with its operations…and so it totally pwned them with multiple email accounts and fake documents. The counter-measures appear to have exhausted the hackers and neutered the impact of Russia’s big document dump. (New York Times)