Pirates at The Sea of Data
Should Software Companies Be Held Responsible for Ransomware Damages?
FUTURE PROOF-BLOG BY FUTURES PLATFORM
Despite the fact that Ransomware has been around for some time, software giants like Microsoft keep releasing updates and software that include vulnerabilities. Customers are helpless because they cannot see the software code to see if the products they buy are faulty. Data is itself vital and valuable, not only to us as individuals but to organisations from banks to schools and hospitals. Should not companies that let the thieves in, be held responsible?
Ransomware, software that uses a vulnerability in computer systems to take them over and then blackmail the data owner, are becoming common and more effective. The most powerful one yet, a virus called WannaCry, was developed by the NSA. Despite security update patches, systems will remain to be hackable. How will infrastructures survive in case they are hacked? We may need parallel backup systems and safe data havens.
In a wide ransomware attack in May 2017, a software virus called WannaCry was used to compromise tens of thousands of computers in a hundred or so countries. The software takes over all files on the system and demands USD 300 in Bitcoin. If you pay straight away, the unlocking supposedly happens. If you wait, the price goes up.
WannaCry was developed by the NSA (National Security Agency) of the US government. It was leaked and is now in the hands of other nation-states and cybercriminals. Ransomware has been a typical form of cybercrime for some time. Now, however, with the help of the NSA, the tools have become more powerful.
WannaCry simply searches the Internet for operating systems that are vulnerable and takes them over. In other words, no other careless action is required than not having done a security update a month before the attack.
If a bank is robbed, it still owes its customers the money it had. What about software giants like Microsoft, whose bad code enabled this, so far, the most massive ransomware attack so far? They hold no responsibility for the consequences resulting from using their software. Should they?
Bad, vulnerable code is a result of bad software design, which again is part and parcel of software companies needing to produce new software and updates to stay on top of the market. In other words, companies like Microsoft save money if they do their work too quickly. Customers are at a losing end.
The problem of viruses and ransomware cannot be solved by improving one operating system or the other. A massive countervirus task force should be established by all major software players in the market to do something about it. And in fact, hardware manufacturers need to be part of it, because also the BIOS microchips on devices, and Internet of Things microchips or mini computers can also be hacked.
Companies need to hire the best hackers to hack their own code before anyone else does.
Besides operating systems and software needed to become safer, most crucial infrastructures may need to have parallel, extra fire-walled, fully operational backup systems that exist in safe data havens. And perhaps it is time to give up operating systems that most commonly and frequently get hacked. Alternatives are being developed, ones that take cyber security as a priority.
Digital technology today mainly uses two senses - sight and sound. But it may not be long before we can feel, taste and smell digital objects in a way that is indistinguishable from physical experiences.