Last Friday’s “WannaCry” ransomware attack, which hit 200,000 computers in 150 countries, disrupting the NHS and other organisations, should be a wake-up call to governments, companies and individuals to do more to increase “cyber hygiene”, says Julian King in the Financial Times, with the scale of business losses estimated at $4bn by some experts – and that’s before you “consider the threat” to democractic institutions.
Ironically, one organisation that stands to benefit is Microsoft, which owns the targeted operating system, says John Gapper, also in the FT. A blog from Microsoft president Brad Smith was a “masterclass in pursuing Microsoft’s interests while invoking a noble mission”. He reminded people to update software, pointing out that Microsoft had released a patch for the WannaCry vulnerability in March. He also “took a shot” at the US National Security Agency, whose leaked technology helped the virus spread so rapidly in the first place.
Shame on Microsoft, says Chris Merriman in The Inquirer. Yes, the company did release a patch, but it’s hard to blame the NHS for not updating (and The Times’ Mark Bridge points out, NHS Digital had issued a warning to use the patch on 25 April). It quite rightly concentrates its resources on “healing the sick”.
More than 52% of businesses worldwide are running at least one instance of XP, and it takes just one out-of-date system in a network to put it at risk. If you’re serious about this “wake-up call”, Microsoft, use your dominant market position to find better ways of tackling the security problem.