The ransomware crisis: It’s time to retake control

Dr Patrick Scolyer-Gray, 4 minutes read
LinkedInPrint
Kelly in the tea room experiencing a cyber attack, with the cyber criminal lurking in the background.
Originally published on 460degrees.com

 

HUMANS HAVE SURVIVED AND ADVANCED BECAUSE WE ARE A COOPERATIVE SPECIES: WE NEED TO LEVERAGE THAT ADVANTAGE

As contradictory or heretical as it might be to the capitalist dictums of market capture, what we are proposing is that we pursue cooperation based on our common interest in preserving the nation and the viability of business for all.

In addition to integrating HCCS into as much critical infrastructure as fast as possible, we also need to alter the field of play that is currently heavily skewed in favour of cybercriminals.

We have a discourse to overcome that is backed by empirical evidence and goes something like this:

When you are hit with ransomware then you are in a lose-lose situation that can only be assessed on a spectrum of terrible to irretrievable disaster. It is imperative that we counter this perception through the effective deployment of preventative measures (a specialty of HCCS) and we need to lose the defeatist attitude and replace it with something more aggressive. Think of it this way: When was the last time a large group of people found themselves besieged and walked away from the conflict victorious by being apathetic about the situation and their adversary?

 

THE BARRIERS TO ENTRY FOR ATTACKERS ARE LOW

At present, the financial calculus of ransomware attackers is fantastic. It’s cheap and easy to acquire and deploy ransomware, lots of people are doing it and relatively few victims are reporting it – even fewer when an attack is underway. Attackers need not worry about attracting too much heat or attention from authorities and, most importantly, the majority of victims keep paying the ransom!

Better still, with all the high-profile media coverage of ransomware attacks, everybody now knows that no matter how massive a company might be, if you work hard and have an eye for detail, you can expect to successfully extract millions of dollars from any organisation you like.

So much for “we will not negotiate with terrorists”.

We are also dealing with a low-risk, high-return cybercrime that any muppet can execute with a bit of time invested in watching tutorials on YouTube combined with a little help from Google.

 

WE NEED TO RAISE THOSE BARRIERS

Unless we want said muppets to become a new kind of wealthy ruling elite, we must immediately pursue radical changes in our human centric and technological cybersecurity strategies to make sure ransomware stops being a practical and/or financially viable way for cyber threat actors to make money.

It is time to accept that multiple parties have roles to play here, it’s time to cooperate and accept that mistakes have been made. Let’s just skip the blaming and finger-pointing and get on with combating the ransomware, shall we?

 

GOING INSIDE OUT, RATHER THAN OUTSIDE IN

A first step would be to invert our focus from perimeter defences and technological layers of security to a revised paradigm where we strengthen people and improve their working relationships with the cyber security tools they have at their disposal.

For example, we have seen some promising results in countering ransomware attacks by using endpoint protection software and other technology. But this requires staff comprehension and adoption (HCCS) and proper configuration to perform the task required (conventional cyber).

Enhancing cyber resilience depends on the seamless integration of conventional and human centric cybersecurity, but it is entirely achievable and produces exceptional results.

 

THE FRONTLINE DEFENCE FOR ANY ORGANISATION IS ITS STAFF

In sum, no matter how you look at it, fighting the ransomware crisis threatening Australia’s critical infrastructure requires we immediately put HCCS centre stage. And, since the vast majority of ransomware is delivered via email, the most important defence against ransomware for any organisation becomes its staff – the human element.

Unfortunately, this has not yet become the mainstream understanding of the ransomware crisis in government or industry; they continue to bubble wrap critical infrastructure in as much cyber security tech as possible.

This is futile: Even with the best defences in the world, all it takes is one person to click one malicious link or download one attachment for ransomware to annihilate an organisation. For Colonial Pipelines it was one weak password.

Bottom line: We can do this the easy way, the hard way, or not at all. The team at Cyberburst is here to help uplift the cyber capabilities in your teams.

Dr Patrick Scolyer-Gray

Dr Patrick Scolyer-Gray

Dr Patrick is a cyber-sociologist, with a PHD in sociology he is an expert in cyber security. He investigates what, how and why people think and do what they do and identifies the security implications of our behaviour and ways of thinking, and then works to develop solutions to any vulnerabilities or weaknesses he finds.

More from Dr Patrick Scolyer-Gray >

We’d love to chat about how Cyberburst can benefit your business

Mark Eggers
Mark, our Head of Sales, will organise a no-obligation call with you to understand your business and any cyber security training challenges you’re facing. Too easy.

Chat with us