Keynote speaker Bryce Austin, noted author and Cybersecurity expert, returned to the Sandler Partners National Summit stage to give a presentation about Cybersecurity – its history, evolution, and current threats. The story begins with some historical context, reviewing the infancy of network/data security, which began in World War II. Things have come a long way, but there are still some parallels to be found.
Those impressive first network steps, on mighty weapons of war, were taken with no thought of Cybersecurity. Initially, for voice communication, security comprised red secure phones and black non-secured phones. The red phones required more training, personnel, hardware, and expense. When the first “internet” was deployed on a ship in the ’80s, the idea of it being vulnerable to “attack” wasn’t even considered. The internet was a plaything at first (and who secures playthings?) before evolving into a serious platform. For many, that gap between when first efforts begin and when security enters the conversation persists, as many organizations are perpetually playing catch-up.
Today, though, the conversation is very different and much more serious. Ransomware is one of the costliest and most frequent types of attack. Bryce identified the CNA attack of 2019 as the largest reported payout in history, with a $40 million price tag paid to a Russian cyber gang. The payer, CNA Financial, ironically, is a firm that offers Cyberattack insurance policy coverage. Private companies, governments, private individuals, and even insurance companies are all potential victims of this kind of crime.
We have a problem. Computers are no longer little boxes; they are a hive mind interconnected with the whole world. There are people, in all parts of the world, who are looking to take advantage of this and exploit any weakness available. There is so much data that is vulnerable – customer data, government information (like fingerprints, SSNs), POS systems, financials, photos, videos, proprietary…the list is almost infinite.
We need to be proactive, even while reactive events grab the headlines and create nightmares for people all around the world. During the session, Bryce walked through one such occurrence and the lessons learned – from steps taken (creating a war room, who to include in the response) to what was seen and what would have protected them. Interesting notes include descriptions of what the attack looked like, interpretation of the approach, the sophisticated “business-like” demeanor of the criminals, and even a voice mail recording from the cybercriminal laying out their demands and the process the target needed to follow to maintain their data, receive a decoder, and keep the event from being made public.
This real-world example gives you a great insight into the process, including timelines and prioritization of steps. There is so much more involved than just paying the ransom (including negotiating the amount), receiving the decoder, and magically unlocking the data. The average downtime from a ransomware attack is twenty days, but that may just be for basic operations, with operational normalcy not coming until much later.
You may think, “Payments can be traced,” but thanks to cryptocurrencies, the ransom money is often moved around until the path is lost and unrecoverable. Organizations may have insurance to cover such an event. Law enforcement and the organization’s insurance company can provide useful services and should be included in the conversation as early as possible, but only after the customer consults with their legal representation.
Cybercrime is a big business – with “off the shelf” attacks (with playbooks and scripts) and gangs/individuals who customize their approach. An event can end an organization, big or small. Protection is the best policy, but if the inevitable happens, preparation can help organizations weather and survive the attack. In Bryce’s example, the anti-virus solution in place had been squawking, but it wasn’t being monitored, something that wasn’t noticed until after the fact. Due diligence needs to be laid out and followed. Training is critical. Outsourcing can be both cost-effective and a way to ensure that crucial steps aren’t de-prioritized.
The final slide of the hour said it all:
“PROACTIVE DETECTION BEATS A GREAT RESPONSE, EVERY TIME”
Watch the full keynote presentation recording, delivered by Bryce Austin, author, speaker, CISO/CSO, for a more detailed telling of this story.