…and so it begins
We have been talking about cybersecurity as a business enabler with many of our clients lately. In the early days, much of the discussion centered around the doom and gloom of cyber-attacks and the cost of failure. As cybersecurity has matured as an industry and connectivity has grown, the discussion has moved towards how paying attention to cybersecurity helps enable business growth. Cybersecurity reduces the risks associated with digital transformation and allows businesses to do more faster.
So this has to be flipped around from the attacker perspective for a moment because as the world of cyber-attacks has grown, so has the ability to explore business models from the attacker perspective. The days of attacking systems to disrupt operations or ethically demonstrate a vulnerability have “matured” into attacking systems to make money.
Let’s talk about the lucrative ransomware industry for a moment. The ransomware community has been the benefactor of a confluence of events as of late. Bitcoin is now a very negotiable currency and is difficult to trace. COVID-19 forced companies to take more systems online than ever before, and the regulators have done little to top the business model from taking root. In the last few months, we have now witnessed two major ransomware attacks. The Darkside attack on Colonial Pipeline, an energy company that delivers the majority of fuel for the Eastern part of the United States, resulted in the operator paying $4.4 million in ransom to get their systems operational after the attack, which also led to huge gas lines and insane spikes in gas prices. The FBI was able to recover 63.7 bitcoins worth $2.3 million allegedly paid to the perpetrators. The latest attack on the world’s largest meat processor, Brazilian based JBS. Apparently it too is a ransomware attack although details are pending. Expect hackers to continue to innovate and find ways to use cybersecurity to make money.
Successful business models enabled by cybersecurity are indeed popular for enterprises as well as, unfortunately, for attackers. Attacks on large organizations that lead to losses in untold millions of dollars per day are likely to yield high ransoms in short order. It comes down to simple math, and companies are insured for such losses. Paying a multi-million dollar ransom is not as painful as losing $20 million in revenue. Colonial Pipeline is the largest U.S. pipeline system for refined oil and generates revenue of $3.5 million. The attack took down the pipeline for six days. As long as attackers are able to make on ransomware and hold onto the ransoms, expect these attacks to increase.
From the victim perspective, however, there is more to consider than simply the loss of the ransom paid and stoppage of business. High profile attacks drive regulatory scrutiny as well as loss of public trust. Additionally insurance companies look at such companies as being higher risk, which can lead to very high costs of insurance as well as clauses that will protect the insurance provider from paying huge sums to the insured. It now becomes more important than ever for organizations to develop a defensive strategy against ransomware that goes beyond simply buying a cyber insurance policy or training employees on cyber safety. Companies need to address the vulnerabilities in both enterprise IT and industrial OT infrastructure to make it more difficult for attackers to compromise their systems to begin with. Farallon Technology Group helps companies address cybersecurity risks across their enterprise, cloud and industrial systems.
Think about it.