Ransomware, National Cyber Security, and the Private Sector
Mark Lanterman | October 14, 2021
In response to recent high-profile cyber attacks and the looming threat to critical infrastructure, new measures are being undertaken to combat the risks. Following the Executive Order on Improving the Nation's Cybersecurity that outlined key information on primary cyber threats and mitigation strategies, 1 President Joseph Biden met with key private sector leaders in August 2021.
The meeting emphasized the need for renewed investment and attention to cyber-security initiatives, especially from major tech companies. It underscored the fact that a strong national cyber-security posture is important in maintaining national security overall and that without the private sector's cooperation and assistance, cyber threats will continue to exploit vulnerabilities and cause damage. The administration described the purpose of the talk "as a 'call to action' for the private sector, which is composed of thousands of businesses that may lack the know-how or the resources to fend off hackers on their own. 2
Training, appropriate security technologies, assessments, and auditing are all parts of proactive cyber-security cultures. One especially prevalent threat to take into account when developing your defenses is ransomware attacks.
Ransomware Attacks
Ransomware attacks continue to be a primary concern for organizational security. Ransomware is a type of malware that essentially holds data hostage until a ransom is paid by the victim. While ransomware attacks are usually perpetrated for some type of financial gain, they can also have other goals, including political motives. Ransomware attacks can cause a litany of risks—including financial, business operational, legal, and reputational damages. Depending on the sector, the impact can be immediately catastrophic. Victims are often left in a sticky situation, as paying a ransom is not advisable for a number of reasons, including the possibility of committing an Office of Foreign Assets Control violation. 3
This past June, an open letter from Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger warned business leaders about ransomware and made calls for improved cyber-security measures. 4 The letter stated that "companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively."
Business operational risk should always be taken into account when assessing the potential impact of a ransomware attack. Apart from data loss, ransomware attacks can have an immediate impact on an organization or agency's ability to operate and provide services. This is especially true in considering the role of the Internet of Things. Data loss is not going to be as important a factor when it comes to an attack that compromises a valve or piece of machinery that has a critical function.
Both the letter and the Executive Order of this past spring provide several strategies for bolstering cyber-security postures and managing cyber risks. Additionally, the Cybersecurity and Infrastructure Security Agency has a dedicated resource for learning about and responding to ransomware attacks. 5 It may be valuable to review the recommendations in relation to your own organization's approach to security.
Cyber-Security Measures
In my last article, "Standardization Matters in Establishing a Strong Security Posture," I discussed standardization in both documenting and executing cyber-security measures, especially in light of recent large-scale attacks, such as the Colonial Pipeline attack. Standardization optimizes an organization's ability to combat cyber threats and respond to risks with effective communication.
When assessing current policies, be sure to verify that documentation matches implementation. If multifactor authentication, regular backups, and software patch management are required on paper, how are they being implemented in reality? How is compliance audited and reviewed, and how is this information documented and communicated? Does top management actively support the organization's cyber-security program? Asking questions can make a big difference in verifying whether your organization is as prepared as it can be.
Conclusion
As we continue to focus on improving cyber security at a national level, it is important to consider how cyber-security awareness can be improved within our own organizations and even within our own homes.
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.
Footnotes
