Microsoft: Basic security hygiene could prevent a lot of cyberattacks
At Microsoft’s Cyber Trust Experience 2017, in Singapore, Regional Director of Microsoft Asia’s Digital Crimes Unit and Assistant General Counsel, Keshav Dhakad. led regional media through Microsoft’s key takeaways from the recent WannaCry attack.
Basically, they are that:
- Everyone is a target
- The time to patch has reduced significantly, there is potential for automation (to apply updates)
- Attacks came from all directions – WannaCry forced everyone to patch at a global scale, but there were a few other ways events could have unfolded. For example, a more malicious actor could have stayed hidden to take over more of the organisation and/or executed the malware right to the criminal’s end game.
- IT and cyber hygiene is so critical.
After presenting the timeline of the WannaCry attack, Keshav commented, “No government agency should carry exploits like this.”
He was referring to the United States’ National Security Agency (NSA) which had first discovered security vulnerabilities in Microsoft’s software and created the EternalBlue and Double Pulsar exploits. The EternalBlue exploit was responsible for the global-scale ransomware attack that happened on that fateful Friday in May.
Keshav opined, “Government agencies should share any software vulnerabilities they find with software vendors so that we can create patches more efficiently.”
He went on to say Microsoft felt responsible about protecting customers despite the latter not heeding Microsoft’s advice to practice basic security hygiene like applying software updates and patches.
The current perception is that practicing this security hygiene could prevent as much as 79-percent of cyberattacks.
According to Keshav, customers who updated their systems with patches Microsoft had created for EternalBlue and Double Pulsar, were not affected by the WannaCry ransomware at all.
“Organisations need to modernise their environments. We did our best to understand how crimes are evolving. We care about the ecosystem that we support.”
Last week, Microsoft had announced updates for systems that haven’t been supported for as long as three years like Windows XP, Windows Vista, Windows 8, Windows Server 2003 and Windows Server 2003 R2.