Summer is traditionally a season for restful vacations. But technology executives won’t be relaxing this summer as the pace of ransomware attacks accelerates and the attacks become more sophisticated.
Somewhere between 800 and 1,500 small businesses were targeted by cyber-attackers late last week, raising more questions about the safety and security of the world’s digital resources. The attacks were primarily focused on customers of Kaseya, a Florida-based supplier of IT management software.
“Kaseya is a company which provides software tools to IT outsourcing shops: companies that typically handle back-office work for companies too small or modestly resourced to have their own tech departments,” writes Raphael Satter of Reuters. “One of those tools was subverted on Friday, allowing the hackers to paralyze hundreds of businesses on all five continents. Although most of those affected have been small concerns – like dentists' offices or accountants – the disruption has been felt more keenly in Sweden, where hundreds of supermarkets had to close because their cash registers were inoperative, or New Zealand, where schools and kindergartens were knocked offline.”
Experts have suggested that a Russian cyber-crime organization is behind the attack, and that the criminals have apparently escalated their efforts to mount a steady stream of sophisticated attacks on a global basis.
“Security researchers said the attack may have been carried out by REvil, a Russian cybercriminal group that the F.B.I. has said was behind the hacking of the world’s largest meat processor, JBS, in May,” writes Kellen Browning of The New York Times.
President Biden, who raised the issue of cyber-crime when he met last month with Russian President Vladimir Putin, told reporters that he had authorized a federal investigation of Friday’s attack. But the recent attack raises new questions that all of us in the tech community need to consider:
- Who is responsible for formulating successful strategies and developing practical tactics for dealing with the escalating risks posed by cyber-attacks?
- Do we need a national strategy for dealing with state-sponsored cyber-crime?
- What is the proper role of the modern technology executive in the ongoing battle against cyber-crime?
Cyber-experts in the HMG community recommend that CISOs and security leaders take a multi-faceted approach to reduce their organizational risks. “To reduce the risk of ransomware and related destructive attacks, security teams need to focus on the following four non-trivial business initiatives, none of which can be outsourced, and all of which will require daily attention: Information architecture, resilience methodology, prevention programs, and response planning,” says Edward Amoroso, Founder and CEO of TAG Cyber, former CSO at AT&T and a regular cyber columnist for HMG Strategy.“Expect the overall implementation process toward meaningful progress in these four areas to take months or years, depending on the size of your company, but this is how it must be done,” warns Amoroso. “Buying some tool, or pledging to patch faster, or asking your sysadmins to check for this file extension or that, and on and on – will not work. This is a challenge that must be managed methodically and professionally. Everyone should start today.”