Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/8/2018
05:00 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft President: Governments Must Cooperate on Cybersecurity

Microsoft's Brad Smith calls on nations and businesses to work toward "digital peace" and acknowledge the effects of cybercrime.

It's an exciting time to be in technology, according to Microsoft president Brad Smith. It's also a dangerous time.

Smith took the stage at this year's Web Summit, a tech conference held in Lisbon, Portugal, to emphasize the need for global cooperation on cybersecurity as technology continues to evolve. The benefits that technology has created are as dangerous as they are awe-inspiring, he said.

"It's an exciting time to be at a place like this," he said. "But that's not the only thing that's happening. We also live in a time when new threats are emerging … new threats that involve technology itself" and culminate in attacks on electrical grids and elections alike.

Addressing an audience of tech professionals, Smith explained: "The tools that we've created — the tools, oftentimes, that you've created — have been turned by others into weapons." It's something Microsoft sees in 6.5 trillion signals and data points it receives daily, he added.

Smith said often when he speaks to people in government about these attacks, they sometimes say "we don't really need to worry" because cyberattacks involve machines targeting machines, not machines targeting people. He disagrees.

"That is a problem. Because people are being victimized by these attacks," he explained. He called 2017 "a wake-up call" in terms of the way people in nation-states and governments are using technological tools as weapons. WannaCry and NotPetya were the prime examples.

We can't expect people to recognize the problems of cybercrime if we don't recognize how people are suffering. Hospitals were paralyzed when WannaCry hit the UK. At England's National Health Service, 19,000 appointments were canceled. Surgeries didn't happen. Shortly after WannaCry hit 300,000 machines in 150 countries, he added, NotPetya struck.

"What NotPetya represents is not just the evolution of the attack in terms of methodologies involved, but also the evolution of intent," said Smith. Last year, almost 1 billion people were victims of a cyberattack. "These issues and these threats are going to continue to grow … because everything is connected," he warned. It's time to have a conversation around security.

"In a world where everything is connected, everything can be disrupted," he continued.

Governments around the world must play a role in protecting civilians and civilian infrastructure, he said, and protect people while they're using devices on which their lives exist. However, governments can't do this alone, and so he also called on businesses to step up.

"Businesses need to do better as well, and there is no part of the business community, across Europe or in the US or around the world, that has a higher responsibility than one part of the business community — and that is the tech sector," Smith noted. IT has the greatest responsibility to be "first responders" in keeping people safe when there are cyberattacks.

The same week he gave this talk at Web Summit, Smith explained in an interview with CNBC how Microsoft wants to connect with Congress and work together to create cybersecurity guidelines for civilians. Key issues range from threats on democracy to artificial intelligence in the workplace.

We have reached a point at which people are enthusiastic about the evolution of technology; however, their eagerness is matched with growing worry about what this technology can do.

"The big shift has been [that] the era where everyone was just excited about technology has become an era where people are excited and concerned at the same time — and that's not unreasonable," he explained in a conversation with CNBC.

Smith says Microsoft wants to work with President Trump, as it worked with President Obama, to address the risk of technology. The concern isn't only for America, but for all countries.

Related Content:

 

Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cheeseman
50%
50%
Cheeseman,
User Rank: Apprentice
11/12/2018 | 9:43:10 AM
Strange
Somewhat disappointing as it appears Microsoft is asking for a government subsidy in effect to make up for deficiencies in their software. Anyone who has worked with government knows they are always slow to respond and build new solutions. The governments only role, and I cringe to say it, is to legislate what companies must do to protect their customers. The proof is out there that companies have been failing at this for some time. This is why much of the legislation comes about. There is little or no legislation related to the makers of operating systems and software. Why not vet code better especially when libraries are used by thousands of applications? The volume of Microsoft patches in the past two years is alarming, we should be better at testing and vetting code for problems. My 2 cents worth.
tcritchley07
50%
50%
tcritchley07,
User Rank: Moderator
11/9/2018 | 1:39:18 PM
Brad Smith on Cybersecurity
I hope Brad reads this response. I've writtne to him twice with researched ideas on tackling this issue to no avail. It reminds me of Mark Twain's 'Everybody is talking about the weather, nobody is doing anyhting about it'.

tcritchley07 at gmail dot com
taylor03
50%
50%
taylor03,
User Rank: Apprentice
11/9/2018 | 8:41:50 AM
Taylor
I think this is a good step to overcome cybercrimes.
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
CVE-2020-7222
PUBLISHED: 2020-01-18
An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (...