How IT Leaders Are Fighting Against Cyberattacks

Amid an escalating number of well-publicized and costly ransomware attacks, private and public sectors are joining forces to beat digital hackers at their sophisticated and highly lucrative game. 

The Colonial Pipeline ransomware incident in May was the largest cyberattack on oil infrastructure in U.S. history, causing massive disruptions to gasoline distribution in certain regions of the country. Reportedly netting the perpetrators about US$4.4 million, it occurred just days before U.S. President Joe Biden issued an executive order intended to bolster the digital defenses of federal government agencies, critical national infrastructure, and American businesses.

Later that month, the administration released a 2022 budget proposal requesting $58.4 billion for IT at civilian agencies that included $500 million earmarked for the U.S. Technology Modernization Fund.

On a global level, the World Economic Forum last year launched its Partnership Against Cybercrime initiative, a collaboration of private and public sector organizations charged with creating actionable responses to digital attacks while raising the cost of conducting cybercrime and increasing risk to cybercriminals.

Cybersecurity Becomes ‘Main Street’ Issue

Like the global partnership, Biden’s U.S. cybersecurity order is also collaborative in nature, in part calling for the private sector to “partner with the federal government to foster a more secure cyberspace.” That sentiment has long existed on paper but is finally gaining real-world traction, according to Davis Hake, co-founder of Resilience Insurance in San Francisco and a federal cybersecurity expert.

In addition to insuring businesses against the financial damages of data breaches,

Resilience offers cyber defense/recovery education and solutions while “sharing our learnings in the private sector with the government and learning from the information the government shares with us,” Hake said.

Hake served as White House Director of Federal IT Security in 2014 and is an

Adjunct Professor of Cyber Risk Management at the University of California, Berkeley. He remains optimistic for a secure digital future despite the flurry of ransomware headlines that include a July attack on software tools maker Kaseya, said to have affected 800 to 1500 businesses around the world, and a reported $11 million ransom paid by JBS Foods in June after cybercriminals temporarily knocked out plants that process about a fifth of the U.S.’s meat supply.

“Ransomware has started to drive a lot of seriousness in the [public] consciousness,” Hake said. “As attacks start hitting not only larger companies but also the mid-level businesses that make up the supply backbone of our economy, cybersecurity is really becoming a Main Street issue.”

Ransomware Controversy: To Pay or Not to Pay?

Hake acknowledges that ransomware is one of the most difficult cyber-risks to manage. It leaves compromised organizations in a Catch-22 when hackers encrypt their business data and demand large sums of money in return for the decryption key needed to unleash it. Traditionally, the victimized business either ponies up the ransom or suffers prolonged business downtime as it rebuilds its data stores.

However, to protect themselves, some savvy businesses have created “air gap” systems--full data backups that aren’t connected to a penetrable network, said Kong Yang, a security expert and former head of service provider marketing at Nutanix. He cited familiarity with a South Korean company that recently avoided paying perpetrators in this way and only experienced a weekend’s worth of downtime.

On the other hand, these moves have caused some hackers to pivot and raise the stakes, said Sebastian Goodwin, Chief Information Security Officer at Nutanix and an Adjunct Professor at the University of California at Berkeley School of Information.

“Now [hackers] may threaten to decrypt and release the target’s data onto the public Internet or sell it on the black market if ransom demands aren’t met,” Goodwin said. “In those cases, immutable backups don’t help.”

What to do in these situations is a controversial issue. A few U.S. states – New York, North Carolina and Pennsylvania — are considering legislation that would ban state and local government agencies from paying a cyber ransom. And some private-sector companies have already created policies not to pay, regardless of the cost to their business.

“Paying ransom fuels the problem by giving bad actors incentive to keep launching such attacks,” acknowledged Hake. “But the attackers [are largely] focusing on high-profile targets, like hospitals and energy companies. If those organizations don't pay and don’t recover, there’s a real impact on people's lives.”

For this reason, he said, “I don’t think we’re at the point where we can ban ransomware payments across the board yet.”

Practicing Cyber Hygiene

Yang said the companies he talks to aren’t worried about the vulnerabilities they find or the ones that are publicized. Their biggest concerns are the threats “they can't see, the ones that aren't flagging up with traditional [security monitoring] tools.”

Adding to the pressure has been the rapid uptake of remote work during the past 18 months of the COVID-19 pandemic, which has left organizations more exposed to credential theft, phishing attacks, and VPN hijacking.

Deploying multifactor authentication (MFA) and endpoint protection software is important. “Passwords alone are obsolete at this point, easily compromised by a phishing email or brute force attacks,” said Goodwin. 

To detect a ransomware attack, set up an alert to look at the overall CPU and memory utilization, advised Yang. “Utilization should be pretty consistent for systems that have been stable for a while,” he said. “When an incident occurs, it typically goes up because a data set is being encrypted. Also, your data almost doubles in a very short amount of time, because [the intruder is] encrypting a second set of data.”

Make sure admins, users and applications don’t have access to data resources beyond what they require to perform their jobs. Also, stay current with software patching to minimize exposure to any software vulnerabilities.

Preventing an attack in the first place is ideal, but not always possible, noted Hake. “So beefing up incident response/disaster recovery practices is essential,” he said. “Most businesses haven’t given enough thought to what happens immediately following an incident and how they can quickly pick up the pieces to make sure the event isn’t catastrophic.”

By combining analytics and machine learning, businesses can analyze past and current data to identify  “normal” patterns of usage, then train their systems to alert when there’s a deviation and hopefully thwart an attack.

Replicate the security layers from data center to the cloud. Many companies have DevOps staff build business applications in the public cloud, “where they don’t have to ask permission to poke holes to open something up – the things that slow them down,” said Goodwin. “But as soon as you open something on the Internet, hackers act immediately. We used to have one stack of security tools in the data center; now, we need a similar stack in each cloud we use.”

The rise of software as a service (SaaS) has everyday business applications like Office365, Google Drive, Salesforce.com, and Slack sitting on the Internet. “If they’re not locked down, you leave an application open, or create an account with a simple password, hackers take advantage,” warned Goodwin.

Tackling Security from All Angles

In a business landscape that no longer has identifiable physical perimeters to secure, enterprises and government agencies must deploy cyber defenses in multiple dimensions. That means at the user device, admin and user authentication, network access, and application levels and in conjunction with others’ detection and mitigation efforts.

The well-documented cybersecurity skills shortage has some savvy companies crowdsourcing “friendly hacker” talent, whereby they subscribe to a service such as HackerOne, BugCrowd, and Cobalt.io.

“if you subscribe to one of these services, they will allow hackers within their network to look for holes in your systems,” said Goodwin. “If they find one, you pay a fee. The company, one like HackerOne, gets a cut of that fee and the rest goes to the individual who found the hole.”

And being prepared to recover is critical because infiltrations are inevitable, said Hake.  “The hackers only have to be right once [to make a successful breach] while we have to be right a million times, and be continually right” to keep them out, he said.

Decades spent developing ways to coordinate defenses and shared best practices can businesses respond quickly to attacks, said Hake.

“It’s not only about how you protect yourself from attacks, but also how you build resilience against them.”

Editor’s note: Explore the 2022 Cyber Attack Statistics, Data and Trends list compiled by IT services provider, Parachute. Visit Password Manager to find expert reviews of the latest password managers and online security tools. 

Joanie Wexler is a contributing writer and editor with more than 25 years of experience covering the business implications of IT and computer networking technologies.

© 2021 Nutanix, Inc. All rights reserved. For additional legal information, please go here.