Is it really the Wild West in cybercrime? Why we need to re-test our approach to ransomware

Recent ransomware attacks indicate that the current model of cyber security is working. It’s time to dump her and move on.

Image: Bloomberg / Getty Images

Again, cybersecurity has become an important topic and with the good technology circle outside, with the unknown operator of the important fuel pipeline: Colonial pipeline. A ransomware The attacks, and the subsequent panic purchases of petrol, resulted in widespread fuel shortages along the East Coast and pushed the issue of cybersecurity into the lives of everyday Americans.

Colony Pipeline CEO Joseph Blunt later admitted that his company Finally paid 4.4 million to cyber criminals To unlock company systems, generating a lot of controversy surrounding simple questions (and related complex possible answers), companies must pay when their system is mortgaged by ransomware.

See: Security incident response policy (TechRepublic Premium)

Wrong debate on the right issue?

There are good arguments on every side of the “every company has to pay” question, especially when cybersecurity disables a significant portion of critical infrastructure. Ethics and encouraging criminal behavior may be worthy of debate, but if the transport infrastructure is at risk and there is no technical solution in sight, those arguments are of little interest to the audience.

See: Ransomware Attack: Why a Small Business Paid a फिर 1,000,000 Ransom (TechRepublic)

Instead of discussing an ethical and ethical question from the very beginning of human society, the proper debate we need to have is about the important role of technology in non-technology companies. This may seem like a strange question, as technology was ubiquitous in the Fortune 10 group from Mom and Pop corner stores. What is surprising, though, is that for the vast majority of these companies, technology is not their core business.

The challenge of tech in non-tech companies

Companies with the technology have made a name for themselves as major businesses, such as Amazon, Facebook, Google and Microsoft, with marine exceptions being the ones that run everything from running hospitals to hospitals through pipelines. These companies must maintain and implement complex processes, long-distance operations and complex talent networks. Assuming they can do all this, they also need to build, support and secure heavy complex technology systems.

See: Darkside ransomware group disrupted after colonial pipeline attack (TechRepublic)

This may sound obvious, but the effect is similar to asking Amazon to set up a “side business” to perform complex brain surgery at home or to ask Apple to start an internal department with its sophisticated data on oil drilling, drilling and power. Centers. These complex businesses are best left to others.

Putting security back in cyber security

When the general public talks about cybersecurity, colorful hats about the Wild West often appear, referring to the lawless and chaotic days of the Western expansion of the 1800s in the United States. Unfortunately, this historical context is better than many realized, as general commerce and infrastructure security were under constant threat from organized criminal gangs in that era, which they do today.

The threat of organized crime eventually threatened large and small businesses with what companies like Wells Fargo created as their own police and investigative units. A private company built its vast network of armed security and special agents tracking down criminals and assisting local sheriffs may seem like bizarre historical relics, but that’s what we’ve told most organizations when it comes to cybercrime.

See: Colonial pipeline attacks remind us of the weaknesses of our critical infrastructure (TechRepublic)

In the absence of well-equipped and well-organized law enforcement, cybersecurity is indeed the Wild West, with organized gangs paying off. botnets Rather than colt and nabbing Bitcoin Rather than stage coach treasure boxes.

Wells Fargo Special Agent has become a modern version of a special type of cybersecurity company that provides rental security on a commercial basis. However, they lack legal authority and broad access to organized government. Just as ordinary citizens settled in the western United States and demanded safe, regular trade and infrastructure from our government, our citizens must now demand safe, regular trade and infrastructure from our government in the wild west of the digital realm.

Our existing government agencies are also scattered in the soup of the alphabet of agencies. There doesn’t seem to be any agency that is technically savvy, has jurisdiction and is a good old-fashioned source of spy work and crime fighting resources that need to make ransomware a crime that doesn’t pay off.

Could this be an inflation point in ransomware?

Maybe this colonial pipeline is an inflection point that holds ransomware, and the fact is that it is more economically efficient to compensate criminals than to build an internal cybercrime police force. Ransomware attacks require civil society to be held accountable for a clear criminal threat that deserves an appropriate, state-sanctioned response. If you’re one of the few organizations where technology is the main business, we don’t expect the Bank of America to guarantee an armed post to find criminals robbing one of its branches, nor should we. Companies to equalize cyber.

See also

Leave a Comment