Two high-profile ransomware attacks, which shut down the Colonial Pipeline and disrupted JBS, the world’s largest meat supplier, struck a blow to American critical infrastructure merely weeks apart. These attacks are only some of the most recent incidents in the spike in ransomware attacks around the globe.
We sat down for a Q&A with Brad Thies, founder and principal of BARR Advisory, to learn more about these recent ransomware incidents:
Q: How do these cyberattacks typically tend to happen?
A: The issue is twofold. First, companies often rely on legacy systems that are outdated and easy targets for hackers, especially as systems and supply chains become more internetworked. Cyberattacks frequently occur when an employee’s credentials are compromised and malware gets installed, running rampant in an outdated network. Second, companies without visibility into their systems often fail to quickly recognize they’ve been hacked, allowing the malware to wreak havoc in their systems before the company is even aware.
Q: Who is responsible for these cyberattacks?
A: Russia-linked hacker groups have been tied to both the JBS and Colonial Pipeline cyberattacks.
Q: What are the potential consequences of these ransomware attacks for consumers and the national supply chain?
A: As we saw with the Colonial Pipeline incident, these cyberattacks can have huge impacts on consumers. There’s always a level of uncertainty with gauging the impact of cyberattacks because of the interdependency of the supply chain and business ecosystem. It’s important to consider cybersecurity through the lens of interdependency; not only do you need to think about your own company, you also need to consider the trickle effect a security breach could have into other industries.
Q: What is the role of cryptocurrency in ransomware attacks, and why do cybercriminals demand ransom payments in cryptocurrency?
A: Cryptocurrency is used by cybercriminals because it’s extremely difficult or impossible to trace and falls outside the purview of regulated financial institutions.
Q: Although ransomware attacks have occurred for years, it seems like new attacks are making headlines regularly these days. Why do you think they are increasing in frequency and significance?
A: Cyberattacks and ransom demands have been around for a while, but the current frequency of attacks indicates the increase in both supply and demand of data. With our total dependence on data and systems, the value of data has skyrocketed, which in turn incentivizes cybercriminals to hack companies and demand ransom payments. It’s also become increasingly easy to hack a company. With the prevalence of legacy systems and attacks like phishing, cybercriminals can rely more on social engineering rather than technical skill to execute a cyberattack.
Q: When we see ransomware and other cyberattacks in headlines, it’s typically large, national or international companies that are the victims. What can smaller companies learn from these large-scale attacks?
A: While large companies tend to make the headlines, smaller companies are usually more susceptible to attacks. Instead of looking at cybersecurity as too technical or complicated, think of it as another critical part of your business, like accounting or sales. If you’re not considering cybersecurity as a critical part of your business, it’s not a matter of if you get hacked, but when.
Q: What security measures should businesses take to protect themselves from similar ransomware attacks?
A: Companies need to ask themselves the basics: Are we regularly patching our systems? Do we have visibility into our environment?
According to the Verizon Data Breach Investigations Report, 81% of hacking-related breaches occur as a result of weak or stolen passwords. Implementing multi-factor authentication (MFA) or a zero-trust model for employee credentials is a great step toward stronger security. While implementing MFA or a zero-trust model may seem like a challenge initially, it’s important to start moving toward those solutions if your organization does not already have them in place. We all have to start somewhere, and there are plenty of tools available that can help you make the transition to stronger security.
Q: In the event of a ransomware attack, how should companies decide whether to pay the demanded ransom or not?
A: It’s important to establish a relationship with the FBI, local law enforcement agencies, and outside counsel before you experience a cyberattack. If you’re a victim of a ransomware attack, you will not have the time to make these connections in the moment. Assume you will get breached and establish these relationships in advance in order to prepare for a potential cyberattack. This process could also include discussing your cyber breach liability with your insurance company. When you have these connections in place, you’ll be able to make decisions in a timely fashion if and when a breach occurs.
Q: What final takeaways do you have on these recent ransomware incidents?
A: Overall, there’s a problem of transparency. Companies have no incentive to air their dirty laundry. Instead, companies are more scared of repercussions for acknowledging their security weaknesses than they are motivated to come up with solutions to those issues. One solution is to establish a stronger standard of communication without fines and penalties to deter organizations from sharing information about their systems. This should include a transparency report in every organization’s annual cybersecurity posture report. For example, Equifax, after a major breach, now has an annual transparency report. We need to shift the messaging around security so that organizations communicate transparency before a breach, not after.