Ransomware is the weapon of cyber attack choice now
The current threats mean that general users and companies cannot protect themselves. Perimeter security alone does not work, as this ransomware has shown it can get through networks as a “worm” technology.
ISO27001 and CISSP certification qualifications are also ineffective against this type of attack. This means there needs to be a “cyber police force” to help manage these escalating threats with the right level of specialist skills, not just vendors sorting it out themselves.
With Microsoft as well as many other vendors and cyber response agencies citing a 75% increase in users' expectation of being cyber attacked in the next 12 months, this has just gone to the “next level”.
Ransomware is the third-generation development, after denial of service (DoS) and data breach theft, that not only enters a computer but inflicts psychological and financial loss at the same time.
My research has seen lawyers in particular call for what they call much stronger “jurisprudence” over the online cyber world. This is because it is not like the physical world, where you can see boundaries; it is unseen and spreads across geographic and commercial jurisdictions. While we all carry the liability, we have little protection to tackle what is now open, full-scale war with the criminals.
Microsoft is right to call for a “Digital Geneva convention of rights”; cyber weapons can carry the same risk and impact as physical weapons, or more. They can indirectly kill patients, change traffic controls, alter car onboard steering systems and change elections. This is not being alarmist, but with the rapid rise of the connected digital society, with wearables, automated travel and your privacy and life in full digital view, it’s a big problem. As with the Apple – FBI San Bernardino issue, creating a back door that breaks strong encryption methods is much like creating an “on switch option for a nuclear bomb”; it’s not a great idea.
Jurisprudence in the digital world is much harder as the identity of people and things is obfuscated partly due to the paradox of the need for privacy but also from the nature of digital data that is re-coded, redactable and transmutable, unlike physical things and lives.
Identity and privacy will become hugely important and guarded rights.
Creating better 21st century law and higher levels of cyber defense investment is one key step, but I don’t think it should be left to the conflicted interests of big commercial companies like Microsoft to decide to call themselves “1st responders”. It has an air of self-marketing about it too. It needs governments and strong pursuit agencies to go after cyber hackers but to also manage their responsibilities of stockpiles in a way that clearly is failing at the moment. I doubt we will ever hear how this will resolve itself, but the digital equivalent of a very deep security place may not be the answer, rather a higher form of governance to not build the problem in the first place.
Incidentally, this same argument of jurisprudence comes to us with Artificial Intelligence (AI), which I argue will be the fourth weapon of mass destruction after ransomware becomes passé, and ironically part of the 4th Industrial revolution, but not the revolution we would like in that way!
The internet is a social metropolis of many ideas, faiths and interests; if we want to protect and enjoy the same physical liberties then we had better start acting seriously about stronger legislation and full-scale enterprise management of cyber security.