Microsoft Predicts US Government Will Erode IT Industry Security Efforts

Microsoft believes that the government, but not necessarily the National Security Agency (NSA), may stymie the IT industry’s efforts to safeguard corporate and user data.

Top security executives at the company have put together their top predictions for 2014 for the Microsoft Security Blog. Paul Nicholas, senior director of Global Security Strategy for Microsoft’s Trustworthy Computing division says that government efforts to bolster cyber-security may end up doing more harm than good if all stakeholders fail to see eye-to-eye.

Cybersecurity Framework

Nicholas pointed to the upcoming release of the US government’s Cybersecurity Framework and continuing discussion pertaining to the directive on Network and Information Security (NIS) in the European Union (EU).

“The US and EU efforts will not happen in isolation. It will be important to ensure that we do not end up with hundreds of different approaches to cybersecurity,” wrote Nicholas.

The Microsoft security expert fears such a scatter-shot strategy “would begin to erode the base of the global ICT industry”. He predicts that in 2014, “policy makers, private sector companies and vendors of all sizes will begin to see the imperative for harmonisation and begin to align risk-based approaches to managing cybersecurity.”

David Bills, chief reliability strategist at Microsoft Trustworthy Computing, thinks cloud outages will continue to bedevil IT providers.

The key to stemming the causes of downtime is the adoption of “contemporary resilience-enhancing engineering practices”, including failure mode and effects analysis and programmatic fault injection. Incorporating these into cloud management operations will help combat the prime reasons cloud services fail, specifically “reliability-related device failures, imperfections in software being triggered by environmental change and mistakes made by human beings while administering those services”.

Brazil World Cup scams

The director of Microsoft Trustworthy Computing, Tim Rains, expects the World Cup in Brazil to be a major source of online scams. “As with any large sporting event, cybercriminals will also be looking for illegal ways to make money and take advantage of the excitement surrounding the World Cup,” he said.

Spam messages from online swindlers, particularly “advance-fee fraud (so-called 419 scams),” have been on the uptick, said Rains, increasing from “9.1 percent of messages blocked by the Exchange Online Protection feature to protect customers in the first half of 2012 to 14.3 percent in the second half of 2012 to 15.5 percent of messages blocked in the first half of 2013.”

As buzz builds for the World Cup, scammers are expected to ramp up their efforts. And they won’t be limited to Brazil. “I expect to see attackers cast a broad net using different languages in order to ensnare as many victims as possible in Latin America and Europe, as well as other parts of the world,” wrote Rains.

Microsoft’s security researchers also expect regional cloud services to take off in the wake of cyber-spying concerns post-Snowden and cyber-criminals to target unsupported software, especially Windows XP. The company is set to cut off support for Windows XP on 8 April, 2014. Also worth keeping an eye out for is a rise in social engineering and ransomware, according to Microsoft.

Are you a security pro? Try our quiz!

Originally published on eWeek.