A number of noteworthy ransomware attacks have made headlines so far in 2021. Cybercriminals target Colonial Pipeline in April and JBS USA Holdings, Inc. in May. Often, hackers are after ransom, but other times they are looking to steal as much sensitive information as they can get their hands on.
The attacks on Colonial Pipeline, JBS USA, and others have had damaging impacts that have gone beyond the supply chain. The continued rise in ransomware attacks will continue to threaten the nation’s critical infrastructure.
Experts agree that more needs to be done in regard to the nation’s level of preparedness, in addition to the need for a more collaborative approach across the different sectors. We recently requested insight from cybersecurity industry experts and leaders who have been affected by a ransomware attack for their opinions on the current state of the nation.
The Ransomware Arms Race
In an arms race, opposite sides are at war for dominance in the ”development and accumulation of weapons”. An arms race can lead to significant fear and bitterness on the part of the sides involved, but whether this leads to war is difficult to measure. For those working in cybersecurity and incident response, being on one side of the fence and ransomware gangs on the other is nothing new. ”Every organization in the US is in an arms race with increasingly organized and sophisticated cybercriminals with no end in sight. Welcome to the new normal”, said Alexander Freund of 4IT.
Fear of State-Sponsored Attacks
Recent reports surrounding the escalation of ransomware details increased concerns around the nation and the need for advancements in digital and security transformation. As a result of the rise in cyberattacks, more people believe that state-sponsored attacks are more common than people think. State-sponsored attacks are either funded by a government or executed by a government’s agencies that can often go beyond the objective of seeking monetary gain.
As tensions continue to mount internationally, businesses and organizations are finding themselves under pressure to continue their operations despite the growing vulnerabilities.
”It is my belief that these are state-sponsored attacks and therefore until the United States and Russia figure out their differences, the attacks will continue. Using the technology that was initially started to spy on different governments, the private sector has very little chance of stopping them, so I expect ransomware attacks to continue until the government finds guidelines by which to stop these activities”, said Ilan Sredni of Palindrome Consulting, Inc.
Are Cryptocurrencies To Blame?
Cryptocurrency technology was addressed following the Colonial Pipeline and JBS USA ransomware attacks. The recovery of ransom paid by the victims may have diminished some worries about cryptocurrencies, but others believe that cryptocurrency has fueled the rise in ransomware.
”The explosion in ransomware attacks is directly tied to the growth of cryptocurrencies. The ability to transact business outside of regulated financial institutions creates the perfect storm for criminals to take hostage a network and be paid in a way that avoids any controls. Once we figure out how to manage and regulate cryptocurrencies the wave of ransomware attacks will slow dramatically”, said Luis Alvarez of Alvarez Technology Group. ”I also think that something is going eventually going to need to be done about the government regulating cryptocurrencies. Although I’m not a fan of this idea, I feel as though if cryptocurrencies were banned, then there wouldn’t be as strong of a motive for these types of cyberattacks to continue”, said Kenny Riley of Velocity IT.
The Rise of Ransomware During The COVID-19 Pandemic
The restrictions imposed by governments in response to the coronavirus pandemic in early 2020 led to workplaces transitioning from the physical office space to more virtual office space, as more employees worked from home. As a result of this swift transition, technology has become even more important. Despite this rise of technology need and usage, it quickly became evident that many businesses and organizations did not have the proper measures in place to fully implement a cyber-safe remote-working environment. “Due to COVID, businesses have adopted technology for their day-to-day functions at a much faster pace, and also it has resulted in more fragmented security as more employees started working from home. This has made all businesses ripe and easy targets for ransomware attacks prompting a higher incidence rate than we have ever seen before”, said Ashu Singhal of Orion Networks. Singhal added, “Three of our new customers have had a ransomware incidence in last one year since their previous IT company just didn’t do enough planning or preventative measure to secure their network. And more worrisome is the fact that all these three clients were less than 30 employees businesses, which shows that size doesn’t matter anymore.”
Is It Time for MSPs To Enhance Their Security Focus?
As the number of cybersecurity incidents rises, it is not uncommon for the blame game to start soon after. It usually does not take long before the end customer starts blaming the MSP for the issues.
Part of the issue over the past few years has been a feature race for most software and SaaS providers more focused on the next feature that will sell their software combined with MSPs focus on more multiuse software tools, central dashboards, and optimizing their time. This has been escalated by the purchase of many software companies over the past few years by investment companies, angel investors, wealth management groups, and others who only look at it as an investment said Mark Hicks of Mathe.
”We have seen it time and time again. Just looking at the bottom line, typically their first step is to maximize their investment by cutting service levels and R&D to maximize profit and only focus on the sizzle and not the steak. Other competitors have to keep pushing sizzle also and match features detracting from resources that should be spent on security and hardening their solutions”, Hicks added.
Kenny Riley of Velocity IT said, ”These cyberattacks and the frequency of them are only going to get worse before they get better. Businesses of all sizes and types need to make it their top priority to increase the security posture of their organization. This latest attack against Kaseya was felt by businesses worldwide since the targets of these attacks were Managed IT Service Providers that have entry points into the networks of dozens, or hundreds of their customers. Because of that, over 1000 businesses were crippled by this attack.”
For more information visit: ulistic.com