Disaster Prevention and Recovery Plans Needed for Cybersecurity

May 11, 2021 by Victoria Turner
Washington Metropolitan Police Department chief Robert Contee speaks during a news conference in Washington. Political hand-wringing in Washington over Russia's hacking of federal agencies and meddling in U.S. politics has mostly overshadowed a worsening digital scourge with a far broader wallop: crippling and dispiriting extortionary ransomware attacks by cybercriminal mafias. (AP Photo/Alex Brandon)

Last year saw an increase of 20% in cyberattacks against organizations, said James Turgal, vice president of Optiv, during the first day of the CyberSatDigital conference.

The most common attack, with over 184 million reported last year, is known as a ransomware attack – when bad actors manage to hack a company through “malicious software” holding files and servers hostage for ransom, typically requested in the form of bitcoin. Ninety-three percent of all ransomware attacks come through a contaminated business email, said Turgal, who served for 22 years at the U.S. Federal Bureau of Investigations. 

This is particularly worrisome as so many people continue working from home, so “now their routers and computers” have become part of the organization’s network and ecosystem, Turgal explained, guaranteeing that the 184 million reported was much less than the actual number. From 2019 to 2020 alone, ransomware attacks resulted in over $1 billion in global losses.

As cyberattacks attacks have become so common, it is no longer a matter of “if” or “when” an organization will be under a cyber threat but how the organization responds to an attack, said John Iannarelli, a retired FBI special agent executive with over two decades in federal cybersecurity.

The event comes on the heels of last week’s ransomware attack on the Colonial Pipeline, the nation’s largest pipeline that delivers fuel from Texas to the east coast. The conference also started a day before the Senate Committee on Homeland Security and Government Affairs hearing on the cybersecurity industry’s response, prevention and recovery following the Russian hack on SolarWinds

As the country waits for President Biden to issue an executive order to bolster American cybersecurity, and potential federal regulation, it is vital that organizations ensure they have “robust disaster recovery plans,” said Phil Mar, chief technology office at Viasat. Organizations need to prepare for these the same way they prepare for weather emergencies, like hurricanes or floods, or even other disasters like a factory fire, he explained.

The Defense Department’s Cybersecurity Maturity Model Framework certification is a “good starting point” for modeling prevention and response plans, Mar said. But these plans need to “go above and beyond the CMMC” and mitigate the impact on operations, he urged. It is just as important to know how you will respond to a direct attack as what you will do if one of your key suppliers is hacked, he explained. “To be able to track every step” of a threat is a “monumental issue,” especially when everything is as “interconnected” as it is in today’s digital world. Unfortunately, he added, companies seem to do a better job on natural disaster recovery plans than on cybersecurity plans.

The most prevalent vector for these attacks is “phishing” – emails that look to be from a trusted source, requesting you to click on a link or input sensitive information. A lot of these hacking attempts incorporate social engineering, “human hacking” that targets the user to gain access into the system, said Rosa Smothers, senior vice president of cyber operations for KnowBe4. Emails, accidentally downloading a compromised app or even just checking your social media from your work computer, all add an extra level of risk as these employees become easier targets. And these social media attacks are far more common than the more “sophisticated” SolarWinds attack that reached 18,000 software customers, she added.

From simulations to “answer-response” employee training, “business continuity” plans “[need] to be continuous,” said Dr. Andrea Little Limbago, vice president of research and analysis at Interos. These plans need to keep up with the quick pace at which these attacks are evolving, she urged. 

“The more you engage when it is not a crisis, the more confident you will be when there is one,” said Adam Lee, vice president and chief security office at Dominion Energy. Despite not yet knowing the extent of the Colonial Pipeline hack, the mere fact that they took operations offline was an “extraordinary move” that points to how connected their information technology and operational technology systems really are. 

In The News

Health

Voting

Cybersecurity

Senators Try to Get Tough On Rise in Cybercrime
Cybersecurity
Senators Try to Get Tough On Rise in Cybercrime
June 17, 2021
by Tom Ramstack

WASHINGTON -- A group of U.S. senators responded Thursday to recent ransomware attacks by introducing legislation to impose new tactics and harsh penalties on cyberattackers. They pinned much of the blame on Russia, despite denials a day earlier by Russian President Vladimir Putin. “The Russians do... Read More

Warner Contemplates Mandatory Cyberattack Reporting Bill
Cybersecurity
Warner Contemplates Mandatory Cyberattack Reporting Bill
June 16, 2021
by Kate Michael

WASHINGTON — The rise in profit-driven cyberattacks has prompted Senate Select Committee on Intelligence Chairman Mark Warner, D-Va., to contemplate a mandatory reporting bill so law enforcement can promptly take action on urgent threats. Warner told Axios recently that he anticipates broad support for such upcoming... Read More

White House, Congress Aligned on Cybersecurity Goals
Cybersecurity
White House, Congress Aligned on Cybersecurity Goals
June 16, 2021
by Victoria Turner

WASHINGTON - As Congress edges closer to putting a final infrastructure bill on President Joe Biden’s desk, it looks like lawmakers and the White House are aligned in their commitment to bolster U.S. cybersecurity through increased federal investment, focusing on prevention and utilizing public-private partnerships to... Read More

Kakto Presses Administration to Take Cybersecurity More Seriously
Think Tanks
Kakto Presses Administration to Take Cybersecurity More Seriously
June 11, 2021
by Victoria Turner

Rep. John Katko, R-N.Y. recently went into a couple of Lincoln car dealerships in Syracuse, New York, but “neither one of them had any cars.”  “And they’re not going to have any cars for several weeks because of the chip shortage,” Katko said during a "fireside... Read More

Federal Government Prepares to Take Lead in Protecting Industry Computer Networks
Cybersecurity
Federal Government Prepares to Take Lead in Protecting Industry Computer Networks
June 10, 2021
by Tom Ramstack

WASHINGTON -- Testimony at a congressional hearing Wednesday on last month’s Colonial Pipeline Co. ransomware attack demonstrated that a bigger role for the federal government is coming soon to protect private computer networks. The Georgia-based company’s chief executive officer admitted to internal failures in protecting the... Read More

Granholm Calls for Public-Private Partnership to Thwart Cyberattacks
Cybersecurity
Granholm Calls for Public-Private Partnership to Thwart Cyberattacks
June 10, 2021
by Dan McCue

WASHINGTON — Energy Secretary Jennifer Granholm would like to see more public-private cooperation on cyber defenses and said U.S. adversaries already are capable of using cyber intrusions to shut down the U.S. power grid. "I think that there are very malignant actors who are trying," she... Read More

News From The Well
scroll top