Revealing the Reality of Ransomware

Nimesh Mehta, Chief Information Officer, National Life Group

Surreal, exhausting, relentless, and chaotic are some of the words we use to describe how we feel during the pandemic. While these words describe our emotional state, the world of threat actors is probably using words like opportunity, target rich, profitable, goldmine, and perhaps even easy to describe their world during COVID-19. Cybercrime accelerated during the pandemic and is expected to cost the world $6 trillion annually, making it more profitable than the illegal global drug trade, and criminals do it all from the comfort of their “couch”. While these times are unprecedented, the “next normal” will usher in a whole new world of cybercrime and cyber defenses.

2020 was a wake-up call for many organizations as they faced the reality of moving to work from home overnight. To enable a remote workforce, many organizations were forced to relax various security controls and requirements that wouldn’t transfer over to a remote world. This transition opened the doors to a barrage of threats, including but not limited to an explosion of ransomware. It was startling at first, but as the frequency increased, perhaps we started becoming immune, stuck our heads in the sand like ostriches and said, “another one - but it won’t happen to me”.

My hope is to help bust the myth that ransomware is solely an organizational problem and not an individual issue. Individual ransomware attacks may not be newsworthy, but they happen daily. Thus, ransomware is a you, me and everybody issue. Experts claim a ransomware attack will happen every 11 seconds, with an average ransom request exceeding $200,000. This is real, this is big, and this is happening closer to home than you think. Here are some examples from a long list that bring this threat to life in ways that transcend companies and impact global economies, supply chains, infrastructure, and the very fabric of our society - our children.

Let’s start with the JBS meatpacking ransomware attack. It is reported that nearly 25 percent of America’s beef products pass through JBS’s US plants. Despite JBS only being down temporarily, the attack contributed to already skyrocketing meat prices soaring even higher. Even today, after the incident, meat prices continue to be more expensive than before. Unfortunately, this impact on the economy doesn’t follow the laws of physics - whatever goes up doesn’t necessarily come down.

Next is the ransomware attack on Colonial Pipeline, which transports 45 percent of the gasoline consumed along the East Coast. The impact was felt by millions of Americans as they sat in long lines for hours hoping to get fuel. This shortage, despite being momentary, cultivated fear in consumers, resulting in irrational behaviors like hoarding. First came toilet paper, water and hand sanitizer, and now gasoline. When supply chains are disrupted by ransomware, it isn’t just big business that is impacted; all of us are affected.

Finally, Recorded Future stated that 44 public school districts were hit with ransomware this year. COVID-19 did enough damage to our education system, with children having to figure out a whole new way to learn, and this was additional pressure on an already struggling system. One could look at this and think, “Too bad for them. It doesn’t affect me.” In reality, when the next generation is affected, society as a whole is impacted in the long run.

So how can we as consumers and members of society help turn the tide on ransomware? I propose two seemingly simple but powerful steps as a call to action. First, become cybersecurity literate. Awareness is knowledge and knowledge is power. Organizations can implement millions of dollars’ worth of the latest and greatest security technology, but all it takes is one click to be caught up in a ransomware incident. While companies can spend time and money to create awareness programs, the onus is on us as consumers, members of society and responsible citizens to educate ourselves on various cybercrimes and how to protect ourselves and our organizations from them.

The second is a call out to organizations to share data. I hate to say this, but the bad actors seem to be more collaborative than the rest of us. While we struggle to share data, hiding behind our corporate red tape, criminals have created subscription businesses - ransomware-as-a-service - that allow bad actors to share tools openly, improving them. If we dare to share, we will improve our threat protection by leaps and bounds. As Patrick Henry rightfully said, “United we stand, divided we fall”.

As you read this, another organization, another person has been hit by ransomware. If you sit there and thank your stars it wasn’t you, then you may be a part of contributing to ransomware’s proliferation. Remember, “U” are in the middle of Sec-“U”-rity.
