“With the right approach, it won’t be something that people will have to worry about,” Microsoft’s founder Bill Gates said of cyber attacks back in October on the BBC. “You won’t have to spend like you spend on an army, it’s just a group of experts spreading best practices.”
But the recent global cyber attack has shown that governments are taking a completely wrongheaded approach to the issue at the moment, wrote Microsoft’s Chief Legal Officer Brad Smith in a Sunday blog post. Smith was responding to reports that the “ransomware” virus dubbed WannaCry had locked up over 200,000 computers across the world. The tools behind the attacks reportedly belonged to the U.S. National Security Agency, according to security experts.
In the blog post, Smith argues that governments have stockpiled software vulnerabilities for offensive purposes but have failed to inform tech companies of them. So when the vulnerabilities fall into the wrong hands, it’s akin to the “U.S. military having some of its Tomahawk missiles stolen,” without offering the proper defense to protect consumers against the government’s own weapons.
“Governments of the world should treat this attack as a wake-up call,” Smith wrote. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world… We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Smith also pointed to Wikileaks revealing what it said were the CIA’s hacking tools.
Tech companies such as Microsoft also have a responsibility to be constantly on guard with cyber security, which also means constant updates to their software systems. Microsoft released patches over the weekend to protect Windows versions against the attacks.
But consumers also cannot be complacent, Smith warned. Please, he urged, don’t ignore security updates.
“Otherwise they’re literally fighting the problems of the present with tools from the past,” Smith wrote.