Skip to content

This is a hold up!

 

Today we will be discussing Ransomware and how it has impacted so many of us – specifically in the last two weeks.

Just a reminder – We have our gadget show next week on June 15th and another one on July 27th so be sure to post any questions or suggestions and we will happily review them. I’ll leave the link to the forum in the show notes below as well.

What’s in a Name?

Ransomware – Here are a couple of definitions from experienced data journalists

With ransomware, a hacker slips into a system, then puts encryption controls in place that locks users out. The hackers then demand money to “unlock” the data.— Elizabeth Millard

Today’s ransomware scammers often demand payment in bitcoin because the digital currency is easy to use, fast, and provides a heightened anonymity for the scammers, according to the FBI warning.— Susan Tompor

The landscape of the digital world changed dramatically in 2013 with the introduction of Ransomware technology. to watch the news these days, you do feel the perpetrators have more control over us than we ever expected.

When ransomware first came out, we would all hear of cellular devices being “bricked” or individual computers locked out until a fee or ransom was paid – back then usually a couple of thousand of dollars…

But look at where we are literally today with major industries such as both Gas pipelines and the meat supply chains being effected in just the last four weeks.

The two cases I refer to are the Colonial Pipeline and JBS Meats

  1. the hack of the Colonial Pipeline a month ago shut down the plant , which incidentally controls 45% of fuel on the Eastern U.S. seaboard. This of course led to large scale panic in gasoline buying along with many gas stations being closed for more than a couple of days.
  2. The JBS meat plant a couple of weeks later is the largest plant of its kind in the world.

Both these ransomware attacks came at a considerable cost not only financially but through major supply chain disruptions. The goal of the hackers is to put these large corporations in such a place that they will pay the millions requested in ransom to release the systems back.

Colonial Pipeline payed the Darknet hackers – suspected of having a Russian origin – the equivalent of 4.4 million bitcoin – allot of which just hours before this podcast aired – was transactionally traced by the FBI and recovered this morning.

One of the offshoots of this was many phishing attacks sent to other company emails under the guise of the heading “help desk” asking the user to click on the link to avoid having the same ransomware done to their company – Of course the issue is that this was exactly what was enabled when you clicked the link.

It’s exhausting to try and maintain such a high level of vigilance in any organization – you have to be correct 100% of the time where as the hacker only needs a one off to set a chain of events in motion that creates a consumer frenzy due to a race for the resource.

The same type of hacking event transpired at JBS Meats at the end of May and CNBC business news noted that due to the hack the plant was down 22% in cattle production and 19.6% in Pork production globally. While JBS managed to get their services online relatively quickly in many of the countries where they have a presence .. the rumours of prices escalating due to the hack had market and industry experts in a tizzy for about 48 hours.

Due to the wide reach these two consumer services, we see how such attacks are consequential to our societies and how much work it is to lock out foreign actors.

In the United States, President Biden’s department of justice going forward will now be treating the investigation of such attacks as terrorism.

One expert in the field of cybersecurity is Michelle Johnson Cobb. In the past, she has discussed several solutions towards integrated security controls and their databases, threat assessments, and the sharing of sensitive classified threat information from countries around the world.

Michelle notes that there are 3 things to keep in mind while shoring up organizational risks. From her interview with DarkReading on Vimeo she cites the following:

  1. Be able to audit your security controls and understand what they are doing
  2. Do an end to end analysis looking for open access passes from a physical environment to a cloud based solution and ensure that information cannot leave the organization on the way through
  3. Engage in vulnerability management – an example looking for patch management and change management protocols .. that will greatly reduce risks.

On the topic of employment in the field, Michelle raises an excellent point that I will second here. Today, there is a gap of over one million jobs in the US in the field of cybersecurity – A statistic from a couple of years ago shows that 58% of women in the field have advanced computer science and engineering degrees compared to 47% of men.

But somewhere between graduating and getting on the career path, women are turning away – or being turned away from – cyber security. On a personal note, and as one of the only women in the majority of my meetings, I will say that it is critically important to have widely diverse teams to discuss cyber security from all the possible angles.

And as one of my heroes Ruth Bader Ginsberg said,  “Women belong in all places where decisions are being made.”

Cyber security jobs are on the rise and it is of critical importance to promote and recruit women into a field that will only grow in importance as the years go on.

Personally – I have built my company into two tiers this year – the client consultative arm and the education arm – from which the Tea and Tech Podcast and this blog was born.

We have much work to do to encourage female youth in the field of STEM. I hope if you are reading this and know of any young women that are interested, you help them further and hopefully they will be a part of the growing work force required in the coming few years.

Next week we are reviewing gadgets and a few things that are just helpful for your peace of mind whether you are designing flawless networks or enjoying a cup of tea.

cam.

Skybox on Dark Reading: Integrated Security Platform

Be Sociable, Share!

Post a Comment

Your email is never published nor shared. Required fields are marked *