The discussion so far has dovetailed into an argument for how techno-centric and HCCS can (and do) work together to resist and repel cybercrime, and although it is great to have a strategy for what we need to do, we need to remain cognisant of the sobering reality of our predicament: The ransomware crisis is far beyond the scope and capabilities of any single company or organisation.
Apart from shamelessly plugging the human centric cybersecurity (HCCS) capabilities offered by 460degrees, my point here is to demonstrate there is a way forward that works without intruding upon or siphoning from starving cybersecurity budgets.
Humans have survived and advanced because we are a cooperative species: We need to leverage that advantage
As contradictory or heretical as it might be to the capitalist dictums of market capture, what I am proposing is we pursue cooperation based on our common interest in preserving the nation and the viability of business for all.
In addition to integrating HCCS into as much critical infrastructure as fast as possible, we also need to alter the field of play that is currently heavily skewed in favour of cybercriminals.
We have a discourse to overcome that is backed by empirical evidence and goes something like this:
When you are hit with ransomware then you are in a lose-lose situation that can only be assessed on a spectrum of terrible to irretrievable disaster. It is imperative that we counter this perception through effective deployment of preventative measures (a speciality of HCCS) and we need to lose the defeatist attitude and replace it with something more aggressive. Think of it this way: When was the last time a large group of people found themselves besieged and walked away from the conflict victorious by being apathetic about the situation and their adversary?
The barriers to entry for attackers are low
At present, the financial calculus of ransomware attackers is fantastic. It’s cheap and easy to acquire and deploy ransomware, lots of people are doing it and relatively few victims are reporting it – even fewer when an attack is underway. Attackers need not worry about attracting too much heat or attention from authorities and, most importantly, the majority of victims keep paying the ransom!
Better still, with all the high-profile media coverage of ransomware attacks, everybody now knows that no matter how massive a company might be, if you work hard and have an eye for detail, you can expect to successfully extract millions of dollars from any organisation you like.
So much for “we will not negotiate with terrorists”.
We are also dealing with a low-risk, high-return cybercrime that any muppet can execute with a bit of time invested in watching tutorials on YouTube combined with a little help from Google.
We need to raise those barriers
Unless we want said muppets to become a new kind of wealthy ruling elite, we must immediately pursue radical changes in our human centric and technological cybersecurity strategies to make sure ransomware stops being a practical and/or financially viable way for cyber threat actors to make money.
It is time to accept that multiple parties have roles to play here, it’s time to cooperate and accept that mistakes have been made. Let’s just skip the blaming and finger-pointing and get on with combating the ransomware, shall we?
Going inside out, rather than outside in
A first step would be to invert our focus from perimeter defences and technological layers of security to a revised paradigm where we strengthen people and improve their working relationships with the cybersecurity tools they have at their disposal.
For example, we have seen some promising results in countering ransomware attacks by using endpoint protection software and other technology. But this requires staff comprehension and adoption (HCCS) and proper configuration to perform the task required (conventional cyber).
Enhancing cyber resilience depends on the seamless integration of conventional and human centric cybersecurity, but it is entirely achievable and produces exceptional results.
The frontline defence for any organisation is its staff
In sum, no matter how you look at it, fighting the ransomware crisis threatening Australia’s critical infrastructure requires we immediately put HCCS centre stage. And, since the vast majority of ransomware is delivered via email, the most important defence against ransomware for any organisation becomes its staff – the human element.
Unfortunately, this has not yet become the mainstream understanding of the ransomware crisis in government or industry; they continue to bubble wrap critical infrastructure in as much cybersecurity tech as possible.
This is futile: Even with the best defences in the world, all it takes is one person to click one malicious link or download one attachment for ransomware to annihilate an organisation. For Colonial Pipelines it was one weak password.
Bottom line: We can do this the easy way, the hard way, or not at all. The HCCS team at 460degrees are poised to operate in all three of those environments, are you?
This is the forth in a series of four articles tackling ransomware. You can view the other articles in this series here:
Article One: Australia’s Ransomware Crisis
Article Two: Ransomware: what technologists don’t want to hear