The Green Sheet

Tuesday, June 22, 2021

Fed, cyber experts unite against ransomware

Ransomware attacks against critical infrastructure have inspired government and private sector alliances, according to recent reports. The Verizon Business 2021 Data Breach Investigations Report found that attacks are on the rise, as are average ransom payments, which have increased by 171 percent in just a year.

The Cybersecurity and Infrastructure Security Agency, a risk advisory focused on mitigating cyberattacks, and Infosec, an education company, are making free resources available to business owners, including CISA's Ransomware Guide, to help educate the public about security best practices.

Amy Nicewick, section chief of communication management at CISA, stated that the free tools will help organizations stay a step ahead of bad actors. "Education is one of the most powerful weapons against ransomware," she said, adding that CISA is aware that not everyone has the same resources to prevent and fight ransomware threats.

Jack Koziol, chief executive officer and founder at Infosec, agreed, stating that recent incidents have shown how brazenly attackers will go after any type of organization. "The good news is that cybersecurity training and education goes a long way when it comes to preventing these types of attacks and protecting your organization's data," he said. "We're excited to team up with CISA to provide free tools to organizations and build awareness around cybersecurity."

Training available

Nicewick will join David Stern, CISA SLTT partnership lead at CISA, in a June 24, 2021, webinar at 11:00 a.m. CST, to discuss ransomware trends, prevention strategies and available tools for reducing risk. The virtual event will be free to the public, she stated. For additional information or to register, visit www.infosecinstitute.com/webinar/cisa-helps-you-fight-ransomware.

Infosec is also offering free resources as part of its cybersecurity awareness training, which is both interactive and experiential, stated company representatives, who noted that Infosec has trained more than 70 percent of the Fortune 500 and over 5 million learners around the world. The organization is committed to improving security awareness and defenses against phishing and other types of threats.

Executive branch actions

On June 2, 2021, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, published an open letter urging corporate leaders to be more vigilant in detecting and preventing ransomware attacks. The letter detailed key steps that companies can take to minimize risk and impact, noted Doug Britton, chief executive officer at Haystack Solutions. A downloadable copy of Neuberger's recommendations is available at assets.documentcloud.org/documents/20796933/memo-what-we-urge-you-to-do-to-protect-against-the-threat-of-ransomware17.pdf.

Britton applauded the effort but noted implementation may be challenging for companies, stating that hundreds of thousands of cyber positions remain unfilled in the United States. "Where are the qualified cyber practitioners that can expertly implement the recommendations?" he said. "Ideally, the national strategy will also rethink the underlying economics of identifying the potential talent, decreasing the cost of training the talent, and retaining that talent in industry."

Tom Garrubba, chief information security officer at Shared Assessments, acknowledged that repeated breaches of critical infrastructure show a need for accountability. "Financial institutions and even retail have been held to a higher level of legislative scrutiny, so why is it that infrastructure organizations appear to skate by?" he said. "Perhaps it's time to bring in the executives and board members of these breached organizations to publicly explain these breaches and how their organizations are addressing the IT risks in the current environment."

Bipartisan support

On June 17, 2021, a bipartisan group of senators introduced The International Cybercrime Prevention Act, legislation designed to enable the Department of Justice to impose stricter penalties on ransomware and prosecute botnets and other bad actors. The bill has received broad support from the cybersecurity community.

David Stewart, chief executive officer at Approov, called the bill a positive step forward that will help government agencies pursue perpetrators. Ransomware has dominated recent news cycles, he added, with "a constant backdrop of data exfiltration and plain old fraud via the exponentially expanding threat landscape."

Dr. Chenxi Wang, general partner at Rain Capital and former vice president of research at Forrester, agreed that it's time to prosecute cybercriminals to the full extent of the law. "I am happy to see that the government is considering stricter penalties for those threat actors, many of them are foreign based," she said. "Because of the widespread impact of these attacks, I also think it is important to go a step further to establish international coalitions or treaties against ransomware and critical infrastructure attacks, perhaps in the same vein as the nonproliferation of nuclear weapons treaty."

The International Cybercrime Prevention Act is available at www.whitehouse.senate.gov/imo/media/doc/International%20Cybercrime%20Prevention%20Act%20of%202021%20Section-by-Section.pdf

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.