Saryu Nayyar | Forbes.com »
Ransomware is top of mind for every cybersecurity expert these days, and for good reason. SonicWall reports (via Infosecurity Magazine) that between 2019 and 2020, ransomware attacks in North America increased by 158%. The FBI dealt with 20% more reports of ransomware attacks in 2020 over 2019, with collective costs of the attacks increasing more than 200% from the previous year.
So, the number of attacks and the cost of the attacks are both increasing, making for an alarming trend for any organization connected to the internet (i.e., every organization).
The major wake-up call for the seriousness of this situation was the ransomware attack carried out against Colonial Pipeline in May of 2020. It started in the company’s billing systems, and as a precaution, Colonial halted operations of its pipeline control systems to prevent the spread of the malware. That action resulted in the complete shutdown of a critical pipeline that moves 45% of the fuel consumed on the East Coast of the United States.
Working with the FBI, Colonial paid some $4.4 million in Bitcoin as ransom. The move was controversial, as the FBI usually discourages paying a ransom, but the pipeline’s CEO said, “It was the right thing to do for the country.” The shutdown was already creating fuel shortages and disrupting transportation across the East Coast. Later, the FBI would recover about half of the ransom money paid to the cyberattackers.
It Takes A Village To Fight Ransomware
This event was so disruptive that it served as a warning for all critical infrastructure — indeed, for all businesses across the country. It also prompts the question, “Who is responsible for fighting ransomware attacks: private businesses or the federal government?”
With that in mind, the government has numerous initiatives underway to tackle problems that are beyond the scale and scope of individual businesses and organizations. In addition to the increasing number of ransomware attacks, these issues include massive data breaches that may affect millions of people, destructive attacks on the nation’s critical infrastructure and the development of unified standards for cybersecurity measures that companies must implement to protect themselves and their customers.
Government And Private Sector Partnerships
One of the actions taken by the Biden administration following the Colonial Pipeline attack was the issuance of Executive Order 14028. The EO is built on the premise that “protecting our nation from malicious cyber actors requires the Federal Government to partner with the private sector,” and it lays out many ways in which this can be done.
Among them are removing barriers to sharing information on threats, incidents and risks; enhancing the security of the software supply chain; and establishing a joint government/private sector Cyber Safety Review Board to assess threat activity, vulnerabilities, mitigation activities and agency responses. While much of the EO is aimed at federal agencies, some of the provisions apply to (or will benefit) private sector organizations. For example, the provision to enhance the security of the software supply chain will have the effect of forcing developers to reveal the security status of third-party or open systems components in their software. Every company that uses externally developed software can benefit from this level of visibility.
The Cybersecurity & Infrastructure Security Agency (CISA) announced in August a new cyber planning office that will work with “major cloud providers, cyber companies, and other private sector partners under a new initiative aimed at combining efforts on planning, threat analysis, and defensive operations.” The initiative brings together agencies such as the Department of Justice, the National Security Agency and the FBI, among others, with industry partners that include Amazon Web Services, AT&T, CrowdStrike, Mandiant, Google Cloud, Microsoft, Lumen Technologies, Palo Alto Networks and Verizon. The intent is to focus on combatting ransomware and developing a framework to respond to incidents on cloud providers that can have far-reaching ramifications.
Everybody, All In
Combatting the ransomware scourge is an all-hands-on-deck effort. Individual companies have an obligation to their owners or shareholders and customers to put in place effective defense mechanisms to prevent or stop an attack from happening. Cyber experts agree that legacy security solutions based on signatures aren’t enough; the sophistication of the ransomware malware requires solutions using artificial intelligence (AI) to detect the subtle activities that presage an attack.
The federal government can aid those companies by providing guidance on threat activity, security standards, response playbooks and the like. Just as important, the government must tackle the political issues that stem from unfriendly nation-states that harbor or even encourage the cyberattackers who launch attacks on U.S. organizations.
Dealing with ransomware is too big a task for any company or organization to go it alone. Only cooperation and strong partnerships between the federal government and the private sector will bring to bear the expertise and resources needed for the win.