
I had a great podcast show yesterday, where my guest was a software developer creating web-based applications.  He’s got his own company based in Utah, and not only did we talk about the issues when it comes to writing secure code, we also talked about the Cybersecurity Threat Landscape in general towards the end.

One of the things that we did talk about is how 2020 could shape up in terms of Cybersecurity, and what some of the biggest threats could be.

It seems that Ransomware is the consensus (along with Phishing, of course).  This is where a Cyberattacker takes control of your computer, locks it up, and demands a ransom to be paid via a virtual currency (like Bitcoin).  Once this payment has been received, then in theory, the Cyberattacker is supposed to send the decryption algorithms that unlock your computer.  But of course, this hardly ever happens.

I have written about this before, and one of the key things I have said is to never pay the Cyberattacker what they are demanding.  There are two key reasons for this:

*You never know when they are going to strike you again;

*By paying them, you will only feed upon their ego and obsession to hit upon even larger victims.

This mantra I have seems to be very well echoed by a recent survey that was conducted by an organization known as “Morning Consult”.  The study was sponsored in full by IBM Security, and slightly over 2,200 American citizens were polled.  Here are some of the key findings of this survey:

*60% of the respondents stated that they would rather see their hard-earned tax dollars go towards the recovery efforts of a business that has been impacted by a Cyberattack, rather than paying the Cyberattacker;

*Some cities that were hit by a Ransomware attack did pay up.  These include Lake City and Riviera Beach, FL, Rockville Centre, NY, LaPorte County, IN, and Jackson County, GA;

*There were other cities that were hit by a Ransomware attack but chose not to pay up.  These include Baltimore, MD, and Atlanta, GA.  Since they did not pay, they have had to rebuild their IT Infrastructures that were impacted;

*Another Ransomware attack impacted New Bedford, MA; but the city decided to pay up the $5.6 Million that was demanded by the Cyberattacker(s).  Luckily, only 158 computers, or about 4% of its entire IT Infrastructure, were impacted.  It is interesting to note that the city counteroffered with only $400,000 but was turned down;

*Most of the respondents do not consider the 911 system as well as other emergency services to be important enough to pay a ransom in case they were hit with a Ransomware attack;

*30% of those polled stated that they would not support a ransom payment being made if their respective police department or school system were hit;

*38% of the American citizens are willing to pay a ransom to restore critical government services if the amount was only $50,000 or less;

*37% of those polled said they are opposed to paying a ransom if their public-school system was hit;

*An overwhelming 90% say that the Federal Government should play a bigger role in protecting US cities;

*75% have even claimed that the Federal Government should offer monetary assistance to any US city (no matter how large or small it is) that is impacted by a Cyberattack.

My Thoughts on This

After reviewing the results of this survey, all I can say is WOW!!!  I never realized that so many Americans would be this vehemently opposed to paying off a ransom to a Cyberattacker.  And, I am quite delighted by it.  But the one thing that I have sort of mixed feelings on is the reservation on paying a ransom in case emergency services are impacted.

It’s one thing if it was an IT Infrastructure of a business that was impacted, but we are talking about services that our lives could potentially depend upon.

For example, what if somebody has a heart attack, and they try to call 911 and nobody responds to it?  Is that person supposed to drive themselves to the hospital?  This example only shows just how vulnerable our Critical Infrastructure is to a Cyberattack.  It will only be a matter of time until the Cyberattacker shifts their eyes towards this target, and unfortunately, there is not a lot we can do about it for quick remediation.

The primary reason for this is that much of the American Critical Infrastructure is based upon legacy security systems.  We simply cannot rip these out and put new ones in.  Rather, a much more careful, methodical approach needs to be taken to implement newer security systems that can be added on to what is already in place.

But the key here is, in order to make all this work, all these systems and subsystems, etc. need to be interoperable with each other.

I pray with all my heart that a massive attack on our Critical Infrastructure never happens.  Just imagine what it would be like if we had no access to water and electricity for days or weeks on end.  To us, it would be like living in prehistoric times.  Let me put this in another way: 

Suppose your Smartphone gets lost or stolen.  You would almost feel paralyzed initially.  Now, magnify this feeling by over 100X if our Critical Infrastructure were to be ever hit by a Cyberattack.

But there is a workaround that should work if you are ever hit by a Ransomware attack:  Always keep regular backups of your critical files, and information/data.  That way, if you ever become a victim, you can always discard your computer or wireless device, and get a new one, and restore everything for the most part with your backup files.  But this example is for just one person if they are impacted.

What about a much larger business or corporation?  The same holds true.  While it may take longer to restore all the backed-up files, the cost to replace impacted machines would be much cheaper than it would be to pay the entire ransom. 

In this regard, you should always have at least two sets of backups on hand – one that is off site and one that is on site, in a nearby location.  Always consider using the Cloud for backing up data.

Although there are those critics that are against it, many Cloud providers are now even offering greater levels of security to their customers that utilize their services – after all, their reputation is at stake as well.  Heck, you can even use multiple Cloud providers to create all sorts of different backups so that you are not just relying on one primary source. 

Also, businesses should seriously consider making use of what are known as “Virtual Machines”, or “VMs” for short.  This would be in lieu of physical servers that are stored on site.  VMs are the same thing, but instead are based in the Cloud to offer even more protection.  They are not physically based, but rather, are emulated versions of your onsite servers.

Finally, more details about this study can be seen here at this link:

https://www.ibm.com/downloads/cas/MKPQVOL6