His final recommendation is that governments need to take stronger action against Russia, which is home to most of the perpetrators of these attacks. JL
Martin Giles reports in Forbes:
Mandia recommended companies focus on two key elements of defense against the ransomware threat. The first is to limit the impact of a hack, by segmenting computer systems and using other tactics to minimize the number of machines and amount of data hackers can lock down in a breach. The second is to ensure critical systems are backed up, that those backups are kept secure and that recovery plans are regularly tested. (Also) governments need to take concerted action against the criminal groups behind the attacks. “You have to [use] economic sanctions, technical solutions and diplomacy on this.”
Kevin Mandia, the CEO of FireEye, one of the world’s most prominent cybersecurity companies, used an analogy from ice hockey to describe the challenge facing top technology executives and other C-suite leaders grappling with an explosion in the number of ransomware cases.
Speaking at a Wall Street Journal cybersecurity event today, Mandia likened businesses to goalies trying to defend against wave after wave of players taking snapshots at their computer networks. “The puck will continue to get in the net forever unless we play offense,” he said.
His warning comes as ransomware attacks, in which hackers use malware to lock up corporate systems and offer to hand over the digital keys to unlock them in return for payments, hit prominent corporate targets. Brazil’s JBS, the world’s largest meat packer, is the latest high-profile victim of a deeply worrying trend that also recently caused havoc at Colonial Pipeline, which handles much of the North-Eastern U.S.’s fuel transport needs.
The cost of ransomware to businesses is soaring as software tools for mounting attacks have become widely available on illicit websites and as cryptocurrencies have made it harder than ever for law enforcement officials to trace ransomware payments. Palo Alto Networks, another cybersecurity firm, found ransom demands skyrocketed last year, with the highest one more than doubling to $30 million. (Average payments are lower, coming in at just over $312,000—which encourages hackers to scale up the volume of assaults.)
FireEye, whose software and services are used by many of the U.S.’s largest businesses, has been busy helping victims of ransomware attacks. Mandia said even companies that have taken plenty of the right steps to bolster their defenses are getting “sucker punched” and called on governments to take concerted action against the criminal groups behind the attacks. “The bottom line is you have to [use] economic sanctions, technical solutions and diplomacy…You have to pull every lever on this one.”
Damage limitation
Mandia also recommended companies focus on two key elements of defense against the ransomware threat. The first is to “limit the blast radius,” or the impact of a hack, by carefully segmenting computer systems and using other tactics to minimize the number of machines and amount of data hackers can lock down in a breach. The second is to ensure critical systems are backed up, that those backups are kept secure and that recovery plans are regularly tested.
Some experts have argued companies should refuse to pay ransoms because doing so only encourages cybercriminals, but Mandia noted that such decisions need to take account of specific circumstances. For instance, if a hospital’s computers are compromised, lives could be put at stake. “It’s a little more complex than drawing a bright line,” he said.
He also warned executives to be wary if hackers hand over code needed to unlock systems after a ransom’s been paid because they may have buried other malware within it. FireEye and other security companies typically recommend that decryption tools are rewritten before they’re used to guard against this threat.
There’s also the question of whether to go public about a breach. Mandia faced this issue himself with FireEye, which announced on June 2 that it is selling its FireEye-branded products including network, email and cloud-security offerings to Symphony Technology Group in an all-cash deal worth $1.2 billion. Last year, FireEye discovered its systems had been compromised by hackers as part of the SolarWinds cyberattack, which targeted popular networking software used by many companies and a number of U.S. government agencies.
That security crisis, which didn’t involve ransomware, is believed to be the work of hackers linked to Russia’s foreign intelligence service. Asked why FireEye decided to reveal the breach last December, Mandia said it felt an obligation to do so. “With SolarWinds, when we went public, we were still in the fog of war…But we knew that this [situation] was beyond us and we needed to do community defense.” It will take community defense on a global scale to bring businesses’ current ransomware nightmare to an end.