“Formally accusing the Chinese government of widespread attacks, including the recent high-profile Microsoft Exchange hack, is an important push for accountability as countries around the world grapple with the onslaught of attacks.
International cooperation, formal attribution, prosecution, sanctions and other retorts and countermeasures are all tools for driving more responsible state behaviour in cyberspace. But these tools alone won’t stop attacks and this problem can’t be solved by governments in a vacuum. While governments focus on attribution, deterrence and response efforts, organisations are still responsible for exercising a standard of care when operating and securing their own systems.
The Cybersecurity and Infrastructure Security Agency (CISA) warns that outdated applications and systems are the target of most ransomware attacks. The White House also issued a rare plea to business leadership enumerating the things they can do to better protect themselves given the inefficacy of government action alone. Until we achieve meaningful progress on both fronts, we should expect to see more attacks, more victims and greater damage.” — Amit Yoran, CEO of Tenable and former founding director of US-CERT in the U.S. Department of Homeland Security