Cyber attack – who’s to blame in your business?
Commenting on the ongoing issues caused by the WannaCry cyber-attack, Joe Hancock, cyber security expert at law firm Mishcon de Reya – the malicious software used in the attack infects systems and encrypts their contents – often known as ransomware.
These types of attacks have been growing in recent years, but have not been seen at this scale before. The attack can move from system to system laterally, as well as being delivered via malicious e-mails. Much of the blame for this week’s specific problem has been laid on organisations using Windows XP, an operating system that is 16 years old and has not been supported by Microsoft for three years.
Whilst people are strongly advised to move away from the platform, Windows XP is here to stay – it is embedded within many devices, from MRI machines in the health service to Point of Sale systems in large retailers which cannot be easily or cheaply upgraded. There will be a large global investigation into these attacks, and it is probable that some of the perpetrators will be identified. It is unlikely however that all those responsible will be held to account.
As well as an in-depth investigation, we are now likely to see a strong reaction from governments, speeding up the regulation of crypto currencies such as Bitcoin and anonymous payment mechanisms that allow criminals to profit from such attacks. Somewhat conversely, such mechanisms are often the very thing that also allows new digital businesses to thrive. More broadly, a debate is emerging between large tech vendors and the government, as to where responsibility lies for the disclosure of vulnerabilities. It is likely that the National Security Agency (NSA) had previously identified this issue, but for intelligence purposes, chose not to disclose publicly. The damage caused by it being leaked into the wild is now, unfortunately, all too clear.