A Federal Call to Action
Last week, President Biden and his administration issued a memo urging business leaders to immediately take action to prepare for future ransomware attacks. This comes in light of the numerous disruptions on American infrastructure, most notably the shutdown of the Colonial Pipeline. Millions of US citizens were impacted and the panic of looming fuel shortages across the eastern seaboard was impossible to ignore. Fortunately, the pipeline’s operation was restored quickly. While the event has not significantly affected gas prices as of yet, it has demanded a response from the federal level. Cyber risk has become an issue of national security.
Targeting Colonial Pipeline: A Blessing in Disguise
Traditional ransomware gangs tend to operate under the radar to avoid publicity. The intent of their attacks is to get paid quickly and move on to the next target. Cyber criminals often exfiltrate confidential data as leverage to force victims to pay up quickly and discretely. In regard to the Colonial incident, the ransomware was indeed paid, but not without the entire world knowing about it.
It is highly likely the Colonial threat actors had no clue about the socioeconomic impact of their attack. If they understood how Colonial’s IT systems would prevent the company from measuring usage of fuel, they would have most likely requested more than five million dollars. After all, just recently, the insurer CNA paid a forty-million-dollar ransom for an arguably much less societal impact.
It won’t be long before cybercriminals start quantifying the risk of their potential targets. This way, they can see exactly see where the crown jewels of an organization lie, and how to make sure their attack causes the most damage. Coming from a strictly defensive mindset, anybody who is not thinking of cybersecurity through a risk-based approach is setting themselves up for a very difficult recovery when an incident happens.
This past summer in Germany, ransomware disrupted emergency care at a hospital, leading to a patient’s death. But the impacts may be even more devastating. Here at Axio, we quantify risk scenarios of this nature in the Axio360 platform daily. It’s highly possible that in the future, infrastructure will not function for a longer period of time, goods and services will not be delivered, and there to be a loss of human life. The most frightening part is you can’t put a time and date on the risk’s realization. However, you can sleep well at night by knowing what this type of scenario will cost you if it happens, and then have the best plans, tools, and techniques to mitigate and manage it. Join us on June 22nd as we dive into the million-dollar question: to pay or not to pay ransomware.
Cyber Risk Should Rightfully Give Unprepared Business Leaders Insomnia
Particularly in critical infrastructure, business executives need to take immediate action to understand impact and prepare for cyber risk. Private industry is responsible for maintaining 85% of our nation’s infrastructure, according to the GAO[i]. Ransomware gangs are only a small subset of the threat actors business leaders must worry about. Many of the threats our country may face in the future are much more consequential. Adversaries are extremely organized, highly intelligent, and state sponsored with unlimited funds. With the adoption of 5G networking and quantum computing—everything will be connected to the internet at lightning speed, making the attacks faster and more devastating. In the future, an individual will literally see their entire life (and many others) flash in front of their eyes. To compound this new reality, almost all physical things will be connected or dependent on the internet to function.
The next war will be fought in cyberspace because it is cheaper and will cause more collateral damage. The White House mirrors our concern.
The White House Memo: Unraveled
Anne Neuberger, President Biden’s deputy national security advisor for cyber and emerging technology, emphasized the importance of cybersecurity within the private sector. “The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” she said. “To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.”
Within the recently released White House memo, there are five best practices listed to protect companies from future ransomware attacks. They are as follows:
- Segment networks
- Check the work of the security team via 3rd party
- Update and repair all systems in a timely manner
- Backup all data and configurations regularly, and store them offline
- Test the incident response plan often
At Axio, preparing for ransomware events is a core offering of our platform.
You can get started today by utilizing this our free tool to take a cybersecurity assessment of your infrastructure. AxioLITE allows for a single user to measure their Ransomware Preparedness and identify the most pressing gaps.
If you’d like a personal consultation on how you can rapidly improve your cyber posture to prepare for a ransomware attack or if you would like a deeper dive on how to quantify your cyber risk through the Axio360 platform, please feel free to schedule a consultation with one of our experts.
References
[i] Government Accountability Office, The Department of Homeland Security’s (DHS) Critical Infrastructure Protection Cost-Benefit Report, June 26, 2009.
Learn more about our Ransomware Preparedness Assessment.