In just the last month, the United States and businesses within have succumbed to a number of high-profile ransomware attacks. Most of these attacks could have been prevented, including that which targeted the world’s largest meatpacker, JBS Foods, and another which singled out iConstituent, a vendor that provides assistance with constituent services to members of Congress.
As if the ransomware attacks themselves aren’t astonishing enough, in the last month, we’ve seen record ransom demands met by American companies.
In fact, in just the last 24 hours, we’ve learned that JBS Foods paid a ransom of nearly $11 million. This payment, according to its U.S. Division Chief Executive Officer, was necessary to prevent further plant disruptions and to limit the potential impact it might have on the American supply chain.
The ransomware attack on JBS Foods, which prompted it to shut its five largest beef processing plants in the United States, is similar to the ransomware attack that halted operations of the Colonial Pipeline. Causing drivers to rush in a panic to the pump for nearly a week, the Colonial Pipeline ransomware attack resulted in a $4.4 million ransom being paid to the perpetrators.
JBS PAID $11 MILLION TO RESOLVE RANSOMWARE ATTACK
Pairing these attacks with the recent revelation that cybercriminals have successfully carried out an attack on iConstituent, all but stalling the ability of Congressional offices to communicate with their constituents, underscores the threat ransomware poses to American infrastructure and our national security.
Ransomware has long been a threat to the United States. First striking American soil in September 2013, the attacks infected home computers and encrypted personal photos and videos. Ransoms were hundreds of dollars, and when paid, users were highly likely to get their information back.
However, since first taking foot in the United States, ransomware attacks have rapidly evolved in complexity and frequency and are instead now targeting our airports, healthcare facilities, small businesses, and local governments. We’re even bearing witness to cybercriminals breaching federal agencies, and like in the case of JBS Foods, shuttering the operations of vital infrastructure needs.
As a result of the ongoing cyber threats facing our nation, President Biden recently announced the launch of a public-private task force designed to analyze and develop an action plan for an aggressive and comprehensive whole-of-government response to cybersecurity threats, including ransomware.
‘BROADER ECONOMY’ AT RISK IF US DOESN’T ACT ON CYBERCRIMINALS SOON, GOP LAWMAKER SAYS
In the 81-page report issued by the task force, it’s noted that “there is no silver bullet” in dealing with these types of cyberattacks. That fact is well known. However, in my experience as a cybersecurity professional for 30+ years, there are in fact three simple steps that could be taken by companies and governments alike to prevent the majority of cyberattacks from being successful.
First, it starts with mindset. The government must shift its focus to prevention to complement reaction. For instance, in the President’s Executive Order issued last month, he outlined several strategies aimed at crippling the threat of ransomware. However, the Executive Order falls woefully short of any preventative measures – and that’s a big mistake. While prevention may not be the singular silver bullet, prevention tools are a critical part of the bigger puzzle.
JUSTICE DEPARTMENT TO ELEVATE RANSOMWARE ATTACKS TO BE ON PAR WITH TERRORISM
That said, most important in respect to preventative tools, it is imperative that IT administrators deploy the use of Application Allowlisting. This approach, endorsed by the U.S. Department of Homeland Security and the National Institutes of Standards of Technology, all but eliminates the possibility of falling victim to ransomware. It only allows programs that are known to be good to run on the computer or network and stops all unknown programs from running and infecting devices or networks.
Second, an authentication strategy is critical. There are simple authentication strategies such as issuing passwords to your employees as opposed to allowing them to choose their own. If this isn’t an option, IT administrators should mandate the use of a password manager that assigns users their passwords.
By issuing a password or mandating the use of a password manager, you eliminate the risk of users utilizing the same passwords for their work and personal accounts. This greatly reduces the risk of a password becoming compromised and a cybercriminal gaining access to corporate or government networks.
CLICK HERE TO GET THE OPINION NEWSLETTER
Finally, transparency is key. The cyber security industry is no different than any other industry. There are good products and bad products. This process is failing in cybersecurity due to opacity. For example, in the Colonial Pipeline, JBS Foods, and iConstituent attacks, it has never been disclosed which antiviruses allowed these ransomware attacks to enter and spread through the network.
The public needs this critical information to make better cyber security choices, and these vendors should be required to disclose how the attack happened in order to prevent future attacks with the same characteristics from being carried out again.
CLICK HERE TO GET THE FOX NEWS APP
The reality is, these attacks aren’t going to stop. Just as Senator Rob Portman of Ohio said during a Senate Homeland Security and Governmental Affair Committee hearing, “no one is safe from these attacks.”
Negotiations, diplomacy, sanctions, and other government actions take time. Meanwhile, cybercriminals are continuing to act. If we really want an effective and immediate response to the hacking of business, education, medical institutions, government, and critical infrastructure, prevention, and the aforementioned steps above, are a critical part of the solution. Spending any more time waiting will only lead to more ransomware attacks on American soil.
CLICK HERE TO READ MORE FROM ROB CHENG