Page 56 - Cyber Defense eMagazine January 2023
P. 56
A global, long-term battle of attrition against ransomware criminals
At the summit CRI partners made concrete commitments, including but not limited to initiatives like
biannual counter ransomware exercises, coordination of priority targets through a single framework, and
delivering an investigator’s toolkit. The important thing is that everyone focused on a singular objective
through increased intelligence sharing, aligned frameworks and guidelines, and coordination of actions.
I am heartened to witness the world’s leaders cooperating on adopting a pragmatic view of the
ransomware landscape and acknowledging the ingenuity of cybercrime networks, as well as accepting
that we are all engaged in a long-term, ongoing battle of attrition. However, the conversations were still
centered in a traditional mindset toward cybersecurity, which may leave gaps in a less than holistic
strategy. To provide the best possible chance of thwarting ransomware attacks, it is imperative that we
integrate our best defenses by also including the physical computing layer, moving to a more holistic
protocol. In the last two years, cybersecurity software continued to be reactive, and thus allowed hackers
to conduct their activities largely unchecked. Once cybercriminals have gained access to organizations'
systems or their valuable data, it is too late to remedy the situation. Thus, tremendous volumes of
ransoms were remitted, estimated to cost $20 billion worldwide.
Combatting a borderless threat to national security
A global problem that transcends borders must be addressed with a global yet borderless approach.
However, how do we address a global problem that is simultaneously borderless and yet still threatens
the national security of many countries? According to reports, Russia-related variants accounted for
about 75%, or 594, of the 793 incidents reported during the second half of 2021. Beyond the payment
outcome of being held for ransom, nations must also consider what valuable data, information, or goods
the hackers are using to hold organizations ransom. We may see more cybercriminals doing the bidding
of state actors to stir up political dissent and orchestrate social engineering attacks and confusion.
Cybercriminals cannot be allowed to act without consequence. Thus, crimes occurring in cyberspace
should be met with equal severity as those in the physical realm. To that end, I believe the task force’s
commitment to pursuing and sanctioning responsible state actors or individuals is wholly correct. For
instance, the decision not to provide ransomware actors with safe havens is similar to individuals found
guilty of other forms of major financial fraud, dangers caused to public safety, and espionage.
Cross-border cooperation is essential and must have a place across the entire cybersecurity life cycle.
The governments of all countries must look towards adopting new technologies to plug existing gaps,
keeping channels of communication open for greater multi-lateral cooperation, running joint response
drills and exercises to sharpen unified incident response capabilities, and critically, fostering greater
collaboration between the private and public sectors.
Public sector and private companies partner to mitigate ransomware threats
The average total cost of a ransomware breach in 2021 was $4.6 million. As the prime targets which bear
the greatest financial burden of attacks, corporations are in a unique position to supply critical technical
Cyber Defense eMagazine – January 2023 Edition 56
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.