16 June 2021

Ransomware Attacks Don’t Only Happen To Other Organizations…

Enrique Dans

The growing number of ransomware cases in recent years highlights the importance of implementing a security culture in organizations, even more so when, due to the pandemic, many people have switched to working from home without taking the right precautions and having thus generated many vulnerabilities. While some of the organizations affected have refused to pay and have been able to save most of their data thanks to the use of backup copies, in many other cases we have seen major interruptions in their operations or the payment of large ransoms.


Concerned at the ease with which supplies of anything from energy to food can be so easily interrupted by cyber-attacks, Washington is considering measures ranging from making the reporting of such incidents mandatory for companies, which have traditionally tried to deal with this type of situation discreetly, to fine those who pay ransoms, along with diplomatic actions towards the countries harboring these cybercriminals or even the possibility of a military response.

The US administration is considering classifying ransomware with terrorist acts such as 9/11, giving full priority to combating it, and classifying it as a direct threat to national security. Seeing the supply of fuel and meat products in some areas of the country at risk in a short period of time is something that undoubtedly generates significant fears.

The reality is that cyberattacks are extremely versatile, since they can be prepared far in advance and activated at a crucial moment. Criminals could potentially paralyze an entire country — although most attacks are part of lucrative scams that sometimes involve intermediaries — or even used as a weapon for certain causes: radical environmentalists could, for example, launch a wave of cyber-attacks paralyzing the activity of airlines, oil, livestock or other types of farms, such as coal-fired power plants, as part of a concerted campaign to reduce carbon dioxide emissions.

Cyber-attacks are relatively easy to carry out, and protecting society is complex, requiring anything from adopting zero-trust architectures to a complete rethink of systems and, above all, of the training of employees, who are often the weakest link in security. This is a war with new rules of engagement, for which many organizations are totally unprepared.

Prepare your organization: train staff, develop a culture that values security, create efficient backup procedures, keep all systems properly updated, hire cybersecurity experts or consultants… don’t ever think that it can’t happen to you. On the other hand, cyber-attacks are not inevitable, nor is the war lost. We may all be equally at risk, but as Orwell said, “some are more equal than others”. A cyber-attack can damage your organization’s reputation, and incur in significant financial loss, along with disruption or your activities, but above all, it shows that someone was not doing their job properly.

No comments: