Ian Kilpatrick, EVP Cyber Security for Nuvias Group, comments on the weekend’s ransomware attacks.

There are two separate issues going in with these attacks. Patching and data protection. This vulnerability was resolved with a Microsoft patch in March this year, so could have been prevented if the patch had been applied then. So the primary lesson to be learned from this series of incidents is to be aware of […]

There are two separate issues going in with these attacks.

Patching and data protection.

This vulnerability was resolved with a Microsoft patch in March this year, so could have been prevented if the patch had been applied then. So the primary lesson to be learned from this series of incidents is to be aware of patches and to apply them when they come out. If they had been applied here, the whole wave of attacks would have been mitigated.

The hoarding of attack vectors by government agencies and the implications of that.

This attack came from a set of NSA hacking tools that were released by Shadow Brokers, after they had unsuccessfully auctioned this cache of tools. Essentially, governments are hoarding attacks for their own cyber purposes, rather than informing the suppliers of security flaws.

Whatever you may think of this tactic, and I certainly have my own views on this, it comes at a time when governments are again raising the issue of requiring backdoors into encryption. Encryption is a key requirement for legitimate organisations using the internet, and GDPR will make that even more important in the future. Having a backdoor “only” for government agencies is an unachievable dream. These backdoors will be breached. Legitimate businesses will be victims of this, while criminals and terrorists will just shift to encryption methods that don’t have backdoors.