At a fairly recent conference for financial institutions that was offering open, candid discussions and interactive training for cybersecurity leaders in attendance, ransomware was THE hot topic. In fact, this rising attack-type merited a half day of training that involved numerous three-letter agencies.
The reasons for this are simple. As SC Media journalists this month reveal in various stories focused on these rising and increasingly costly attacks, ransomware is fast-becoming a lucrative business for the cybercriminals that leverage them. According to Business Insider, ransomware attacks yield about $25 million in revenue for cybercriminals each year.
Indeed, many industry experts believe these attacks are proving the canary in the gold mine for the more intense and wide-sweeping attacks to come. One CISO noted that attackers are graduating from targeting larger, private companies that have quietly paid ransoms and then made moves to bolster their security controls, end-user awareness training, data backup strategies, and disaster recovery plans, and instead are setting their sights on more public municipalities and government targets.
As such, the question of paying or not paying a ransom that impacts the running of a city and its interactions and services for citizens is becoming a more open and public debate. And, it seems, a majority of the public, as we share in one of our stories this month, are really not down with seeing their towns, cities and states paying off the bad guys. While many experts and security leaders alike agree paying a ransom is a viable option, others argue this will lead to still greater problems – attackers might not unlock files or may strike again.
Beyond these problems, there can be wider implications in choosing to pay, one long-time cybersecurity expert told me. A huge issue is the lack of knowledge about the identities of the attackers, he said. The problem, based on his experience, is the boodle seized by many of the more lucrative attacks are funding terrorist groups and their physical onslaughts.
Whatever the impacts, ransomware and those yielding these malware attacks have become an exigent security issue for us all. The range, costs and frequency of these attacks and their damage are predicted only to grow. And while backups are a key component to any recovery plan, they’re only a part of the solution. A robust incident response and disaster recovery strategy is key, along with ongoing maintenance of security controls. Consistent end-user awareness training helps, too.
Peer groups – from government-sponsored, such as ISAOs, ISACs and InfraGard to private P2P groups – also are key. There is nothing like getting together with like-minded practitioners to openly talk down challenges, strategies and solutions, while gathering still more intel and advice from the law enforcement and government groups that support them.