The Cybersecurity Crisis
Recent major cyberattacks have forced us to reflect on the security posture of our increasingly digital world.
In the last few weeks, panic has set in after the exposure of a recent cyberattack in the form of malware introduced into network management software provided by the tech company SolarWinds. The malware had been waiting, undetected, within SolarWinds’ systems for months prior to the attack.
In a recent post, Microsoft President Brad Smith called the incident “an attack on the United States and its government and other critical institutions, including security firms.”
Smith wrote, “this attack provides a moment of reckoning. It requires that we look with clear eyes at the growing threats we face and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cybersecurity response.”
Cybersecurity is a growing concern around the world as attacks become more determined and sophisticated, often developed by private tech companies targeting infrastructure during an already challenging time.
Indeed, by March of last year — only weeks after COVID-19 began to scare the world — attacks began specifically targeting hospitals and public health authorities.
“In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency,” wrote Smith.
These attacks require an effective, coordinated response.
It has become apparent that a lack of coordination has weakened our response to these attacks. Collaboration between the public and private sector — a sharing of information, at least — is essential in responding to these threats.
Private companies own and operate most of today’s technology infrastructure. As such, it is essential that public entities work together with these tech leaders in response to major cyberattacks such as we have seen recently.
“During a cyber incident of national significance, we need to do more to prioritize the information-sharing and collaboration needed for swift and effective action,” Smith stated. “In many respects, we risk as a nation losing sight of some of the most important lessons identified by the 9/11 Commission.”
The cybersecurity crisis is going to continue to grow without the coordinated efforts of the public and private sector, including a swift and firm response when incidents occur. Prevention and disaster recovery efforts in tandem with government policies to disincentivize attacks and strong responses to incidents are essential to the security of our data-driven, digital world.