Tools or Weapons?

It’s the time of year when the Cybersecurity industry fills our inboxes with mostly depressing predictions of 2020. Rather than pile on, I want to share my pick for one of the best books of 2019. First, I’ll introduce the book and the powerful takeaway it provided for me. Then I’ll relate the takeaway to an ongoing class of cyber attacks and how to prevent them.

Do you recognize the name “Brad Smith”?  Brad Smith of Microsoft? That would have stumped me too until I read his new book Tools and Weapons: The Promise and the Peril of The Digital Age.[i]

These quotes summarize why I found the book so intriguing and grounded in the real world:

“Smith’s book is not the typical vanity project churned out by so many Fortune 500 leaders, the generic tomes on leadership and teamwork stocked at airport bookstores near the neck pillows. Tools and Weapons is a glimpse behind the curtain as Microsoft reckoned with the Snowden revelations, defended against the vicious cyberattacks, and took both the Obama and Trump administrations to court.” — Rolling Stone

“A colorful and insightful insiders’ view of how technology is both empowering and threatening us. From privacy to cyberattacks, this timely book is a useful guide for how to navigate the digital future.” — Walter Isaacson

Why is Brad Smith credible? He is president of Microsoft and the longest server member of Microsoft’s top leadership. His amazing career started as an attorney who made having a personal computer a condition of employment when he joined a firm in 1986. His PC was the first-ever at the firm. In 1993, he joined the legal affairs team at Microsoft. His work with Bill Gates and Steve Ballmer during the negotiations with European Commission over antitrust accusations, amongst other skillfully handled negotiations, led to promotion to general counsel. Satya Nadella promoted him to president and chief legal officer in 2015. But I’m not here to talk about Brad Smith’s career, rather about his beliefs.

What’s the powerful takeaway? Brad Smith operates by a simple core belief: When your technology changes the world, you bear a responsibility to help address the world you have helped create. The world has turned information technology into both a powerful tool and a formidable weapon, and new approaches are needed to manage an era defined by even more powerful inventions like artificial intelligence. Companies that create technology must accept greater responsibility for the future.[ii]

Given Smith’s core belief, the book proceeds to cover real-world examples of how technology is used as a weapon. Chapter 4: CYBERSECURITY: The Wake-up Call for the World[iii] covers an example that a Zero Trust security strategy implemented through browser isolation could have prevented.

This chapter starts with surgical prep for a patient at Barts, a London hospital famous for operating continuously even as bombs from World War II rained down. What physical weapons couldn’t halt, WannaCry ransomware shut down. The discussion from inside Microsoft provides real insight into how governments missed the threat from cyberweapons.  Here’s an excerpt that highlights the disconnect at the time between policymakers and technologists: “In conversations with diplomats around the world, [Microsoft] heard the same skepticism: No one has been killed.  These are not even attacks on people. They’re just machines attacking machines.”

I won’t spoil the plot for you so you can enjoy the book (available here).

What I will say is organizations like Barts have to let their people use the internet to get their jobs done, but the same web browser technology can become a weapon against them. While it’s too late for Barts, today there is a solution. Browser isolation provides an innovative way to prevent phishing and ransomware attacks while simplifying the security strategy and delivering immediate protection. For organizations like Barts hospital, that’s just what the doctor ordered!

Breaking News: Just as I was about to publish this blog, the City of New Orleans declared a state of emergency following a ransomware attack on Friday, December 13, 2019.[iv] A simple case of bad luck on Friday the 13th? No, it’s an unfortunate reality that 2.5 years later, ransomware is still shutting down organizations like Barts.

On October 2, the FBI had issued a high-impact cyber attack warning that losses from ransomware have increased significantly as the attacks become “more targeted, sophisticated and costly.” Even with the ten-weeks warning, ransomware attacks against state and local governments are still hitting the headlines.[v] Nefarious actors continue to turn technology tools into weapons.

Learn more about browser isolation as provided by the Isla Isolation Platform here.

[i] Tools and Weapons: The Promise and the Peril of The Digital Age.  By Brad Smith And Carol Ann Browne, Penguin Press, 2019

[ii] Tools and Weapons: The Promise and the Peril of The Digital Age.  By Brad Smith And Carol Ann Browne, Penguin Press, 2019, Chapter 4 pages 61-76.

[iii] Ibid.

[iv] New Orleans Declares State Of Emergency Following Cyber Attack. By Davey Winder,

[v] FBI Issues ‘High-Impact’ Cyber Attack Warning—What You Need To Know. By Davey Winder,

John Klassen

Sr. Director - Product Marketing