1.7k views · 1 Upvote · 8 Comments

VP, Director of Cyber Incident Response in Finance (non-banking), 10,001+ employees
You have to assume it's going to happen. The news on Colonial Pipeline is too fresh to be able to say anything about their response actions. It’s all speculation as to whether or not the malware really propagated through the environment and got to the devices that manage the flow of the gasoline, or whether or not they pulled the plug on it all. We don't know if their cure was worse than the disease.
1
President and National Managing Principal in Software, 501 - 1,000 employees
I think ransomware attacks happen more than we hear about. One of my friends is a CFO of a building company and they got hit by a phishing attack. An IT administrator fell for it and the attackers got access to the machines. What’s interesting about how it spread is that they use Office 365 for email collaboration and none of the cloud services were compromised. It was their construction accounting software that was running on older Windows servers.

Those machines got destroyed and encrypted. They hired a crisis response company to come in and kind of negotiate with the hackers, but it was like negotiating to buy a car. And they paid to get the encryption keys back. I feel like that could have happened to any company with any software/equipment combination. I don't know if Office 365 was just that resilient, if they were lucky, or the legacy construction accounting software was just low-hanging fruit.
2 2 Replies
VP, Chief Security & Compliance Officer in Software, 1,001 - 5,000 employees

That's NotPetya all over again. When are we going to stop having these conversations? At work, this is just how it is. The bad actors understand architecture, configuration, and gaps in design better than we do. It's prime picking.

4
VP, Director of Cyber Incident Response in Finance (non-banking), 10,001+ employees

We do a good job of controlling where the data is and who can access it. But criminals will do whatever they can. I feel like the companies being affected by ransomware haven't been paying attention. For over a decade every CISO in the world has been saying it won't happen to them. But it's not a case of if you get hit, it's when—so what will you do when you get attacked?

CEO in Services (non-Government), Self-employed
Some devices, whether they're supervisory control and data acquisition (SCADA) devices, or programmable logic controllers (PLC)—even a quarter-sized Arduino microcontroller—can be penetrated so easily. What I wonder about the pipeline is, along such a long stretch of equipment, who could have stuck a third-party, homemade set of boards together and used the pipe itself for transportation back into the network?

Resource companies have been testing how serious a problem this is because there was a mining operation recently that used all-digital machines made by a huge equipment manufacturer. They had a close call where people were almost killed because the operator could not stop the vehicle. A crew was working in its path and it had no way to steer or brake. It was just by luck that nobody was killed, but more of these incidents are coming. In situations where you have that many devices, it's not a bad idea to look to the IIoT for some of the things happening recently and the fixes that have been emerging, even those as simple as building a device with no plug, à la Apple. We tend to overlook the simple fixes because we're so involved in the technology.
2 1 Reply
CISO in Software, 51 - 200 employees

If your devices are connected to your industrial control systems, etc., they shouldn't be. What happened with Colonial Pipeline sounds like big news, but ransomware has been happening for 10 years with hospitals, utilities and so on. We keep doing the same thing. The reaction to ransomware is, "Let's shut down our whole network. Let's shut down the hospital. Let's shut down the pipeline," which causes mass chaos. It drives me crazy that we don't have better solutions to prevent this.

2
CIO in Education, 1,001 - 5,000 employees
As long as people / companies continue to pay the ransom, the attacks will continue.
Group IT Manager Operations in Construction, 5,001 - 10,000 employees
I don’t think ransomware attacks are going anywhere.
With more and more tech adaptions the attack surface is ever expanding.

Today your data is encrypted, tomorrow your digital wallet or your IoT landscape may be the hostage.

Tactics may change but the war will continue.
3
