April 18, 2018
Upwards of 34 global technology and security companies have announced the creation of the Cybersecurity Tech Accord, which its members described as a watershed agreement among the largest-ever group of companies agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation states.
The 34 companies include ABB, Arm, Cisco, Facebook, HP, HPE, Microsoft, Nokia, Oracle, and Trend Micro, and together represent operators of technologies that power the world’s Internet communication and information infrastructure.
“The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together,” said Microsoft president Brad Smith. “This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”
The companies made commitments in four areas.
Stronger defense: They will mount a stronger defense against cyberattacks. As part of this, recognizing that everyone deserves protection, the companies pledged to protect all customers globally regardless of the motivation for attacks online.
No offense: They will not help governments launch cyberattacks and will protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution.
Capacity building: They will do more to empower developers and the people and businesses that use their technology, helping them improve their capacity for protecting themselves. This may include joint work on new security practices and new features the companies can deploy in their individual products and services.
Collective action: They will build on existing relationships and together establish new formal and informal partnerships with industry, civil society and security researchers to improve technical collaboration, coordinate vulnerability disclosures, share threats and minimize the potential for malicious code to be introduced into cyberspace.
“The real-world consequences of cyber threats have been repeatedly proved. As an industry, we must band together to fight cybercriminals and stop future attacks from causing even more damage,” said Kevin Simzer, chief operating officer, Trend Micro.
The victims of cyberattacks are businesses and organizations of all sizes, with economic losses expected to reach US$8 trillion by 2022. Recent cyberattacks, the new group said in a release, have caused small businesses to shutter their doors, hospitals to delay surgeries and governments to halt services, among other disruptions and safety risks.
“The Tech Accord will help to protect the integrity of the 1 trillion connected devices we expect to see deployed within the next 20 years,” said Carolyn Herzog, general counsel, Arm. “It aligns the resources, expertise and thinking of some of the world’s most important technology companies to help build a trusted foundation for technology users who will benefit immensely from a more security-connected world.”
Companies that signed the accord plan to hold their first meeting during the security-focused RSA Conference taking place in San Francisco, and will focus on capacity building and collective action.
“No company can solve the issue of cyber threats alone, which is why we align with strong technology partners, like the Cybersecurity Tech Accord,” said Eva Chen, chief executive officer of Trend Micro. “We understand that technology experts must join forces to tackle threats from all sides, and we partner with both public and private organizations to face our collective adversary — cybercriminals.
“Malicious threat actors are our only competitors. We leverage our extensive threat intelligence to inform and fuel our products, including the free tools that can give any company or consumer access to cybersecurity protection and remediation.”
Meanwhile, Trend Micro Inc. this week launched a free security tool for businesses, a phishing simulator called Phish Insight.
“Some of today’s most pressing cyber threats—including ransomware and targeted attacks — come via phishing emails,” the company said in a release.
Phish Insight is an enterprise-grade phishing simulation tool designed to educate and test employees’ awareness of e-mail scams. According to the company, it requires “zero budget and only five minutes to begin a highly realistic phishing simulation.”