WannaCry: Can Microsoft’s ‘Digital Geneva Convention’ ever be achieved?
The WannaCry ransomware attack has now spread its crippling influence across thousands of organisations, public and private, in 200 countries. As the fallout settles the cost is being counted, and fingers are being pointed.
The Windows vulnerability at the heart of the WannaCry crisis has put Microsoft itself in the frame, along with organisations’ inadequate security procedures, governments’ inadequate funding, and even inadequate IT professionals. Lots of fingers, lots of pointing.
They’d all be pointed at the culprits themselves, of course, if they knew who they were.
Which is a problem that immediately confronts Microsoft’s reassertion this week that it wants to see the creation of a Digital Geneva Convention.
The world should collaborate to build a supranational entity that sets universal rules and enforces them in the event of transgression, argues Microsoft president and chief legal officer Brad Smith. The convention would exist principally as a defence against nation-state digital malfeasance, but in partnership with private industry would help raise security standards everywhere.
But how would it be policed and enforced, particularly in a case like WannaCry, where code constructed by a government – the ironically named National Security Agency in this case – was stolen and turned against the world by invisible actors in the name of making a quick buck?
Mark Skilton, cyber security researcher and author (Building Digital Ecosystems, The Fourth Industrial Revolution), says individuals and companies have already lost the ability to protect themselves in what is now an “open, full scale war” with cybercriminals, and agrees with Microsoft that they need more protection.
"This attack has shown there needs to be a cyber police force at a global level to help manage these escalating threats with the right level of specialist skills, and not just vendors sorting it out for themselves,” he says.
"Microsoft is right to call for a 'Digital Geneva Convention of rights'; the risk and impact of cyber weapons can do the same or more harm than physical weapons. It can indirectly kill patients, change traffic controls, alter car onboard steering systems, change election outcomes, and more."
But, while desirable, he admits it wouldn’t be easy: "Governing the digital world is much harder as the identity of people and things is obfuscated, partly due to the paradox of the need for privacy, but also from the nature of digital data that is re-coded, redactable and transmutable.”
Lee Meyrick, director of information management at leading data-investigation firm Nuix, concurs. It’s all too easy for the bad guys to spoof the origin of their malware and avoid detection, he says.
“A Digital Geneva Convention is unfortunately a far-fetched idea. Internet governance ultimately comes down to questions of attribution, and the fact remains that definitive attribution is a tremendously difficult thing.
“It would be hard for such a convention to police threats if they don’t know where they are coming from. The NHS attack is a case in point; while it appears the attack was deliberate, it is more likely collateral damage from an attack that has been able to propagate very well.
So while an internationally agreed legal framework may serve to underpin a coordinated approach to cybercrime, it will ultimately only be enforceable by the same people tasked with the job already: Us - individuals and organisations throughout the digital ecosystem.
Tony Rowan, chief security consultant at cybersecurity company SentinelOne, says the concept of a Digital Geneva Convention is laudable – and useful in part – but ultimately “naïve”.
“With a world network, we are going to have to deal with eCrime using technical rather than legal controls,” he says.
“That's not to say that international legal agreements will not have their place. Rather that real control will have to use effective technical means to have useful effect. If international legal controls were enough, all kinds of crimes would have already been eliminated.”
Five9: the cloud software industry leaders acquired by Zoom
Five9 is the leading provider of cloud contact centre software. Driven by a passion for transforming contact centres into customer engagement centres of excellence, Five9 have a deep understanding of the cost and complexity of running a contact centre.
Founded in 2001, Five9 help contact centres of every size create powerful connections.
The company has over 20 years of cloud contact centre experience, reaches over 2,000 customers worldwide, and annually reaches over 7 billion customer interactions.
Built on a highly reliable, secure and scalable cloud platform, Five9 makes it easy to rapidly trial and deploy new services. Its software also future proofs businesses by supporting AI and other emerging technologies.
Utilising cloud capabilities for improved customer experience
Offering software that creates more successful customer interactions, Five9’s cloud contact centre software increases contact centre productivity. This is without the capital expense and maintenance costs of premise-based systems.
Built on flexible architecture that adapts to a company’s changing needs, Five9 customers benefit from a secure, reliable and scalable contact centre.
Five9’s cloud contact centre platform also gives customers access to an extensive ecosystem of partners. Its platform can be enhanced with leading customer relationship management, analytics, workforce management, performance management solutions and telephony providers.
By utilising cloud technology, Five9 customers have access to the latest capabilities through no-touch, non-disruptive real-time upgrades.
Five9’s recognition for industry-leading software
As a leading cloud contact centre software provider, Five9 has been recognised by leading industry publications and organisations for its success and innovative solutions.
For the fourth consecutive year, Five9 has ranked as a global leader for The Aragon Research Globe for Intelligent Contact Centres 2021.
Five9 was also one of only three providers to earn the MetriStar Top Provider award when evaluated as part of Metrigy’s global 2021-2022 Workforce Optimisation and Engagement research study.
Five9: Zoom’s first major acquisition
Zoom Video Communications has agreed to buy Five9 for about $14.7bn, marking the company’s first major acquisition.
This deal with Five9 will help expand the company’s Zoom Phone offering.
“I believe the combination of Zoom and Five9 will be a game-changer. Joining forces will create a transformative opportunity for two strong companies with complementary capabilities and shared values,” said Five9’s CEO, Rowan Trollope.
With Zoom’s reach and brand, the acquisition will help Five9 propel forward and help the company deliver on its goal of significant international expansion