We’re starting to see a national response to ransomware, says Mandiant CEO
As the recent Log4j breach demonstrates, U.S. businesses and government organizations have been taking a pounding from cybercriminals. It’s coming in the form of ransomware, data breaches, distributed denial-of-service (DDoS), and other damaging attacks.
Now, many are saying enough is enough.
“I think more people are taking advantage of the United States — and our openness and our true global workforce — than in any other nation,” said Kevin Mandia, CEO of cybersecurity company Mandiant, in a session on cybersecurity.
Rather than simply bolstering traditional defenses such as firewalls and waiting to be the next potential victim of a cyber assault, companies are beginning to take a more proactive approach to security. They’re going on the offensive, actively seeking out cyber threats and disabling them before they can wreak havoc on systems and networks.
The increase in ransomware, one of the more insidious and damaging types of attacks, is a major driver for going on the offensive. An August 2021 report from research firm International Data Corp. showed that more than one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months.
Weary of the ongoing assaults, organizations are fighting back.
“What you’re starting to see is a coordinated national response — maybe even a coordinated international response — because of ransomware,” Mandia said. “Quite frankly everybody hates it except for people doing it and the people harboring those who do it.”
A good example of effective coordination was the takedown earlier this year of REvil, a ransomware-as-a-service operation linked to Russia. A group of countries and law enforcement organizations used technical and legal methods to knock the operation off the Internet.
While it’s uncertain exactly how REvil was taken out of commission, the collaboration by multiple entities is a positive development in the effort to minimize or eliminate threats, Mandia said. With ransomware becoming a national security issue as well as a criminal one, the U.S. needs to consider bringing military assets to bear in the fight to stop these attacks, he said.
“We can do a lot of different things rather than just constantly making it a clean-up on aisle nine after the crime,” he said. Military action “doesn’t mean drone strikes, it means proportional response” to the attacks, he added. That can only happen when the sources of the attack are identified.
A strong step would be the creation of a national “doctrine” that states how the U.S. will deal with creators of ransomware and other cyber threats, as well as the nations that harbor them, Mandia said.
“There could be some vagueness to that doctrine, but people need to know that the nation is going to have a coordinated response” to attacks, he said. “There comes a time where you just can’t stand there and take it anymore.”
Technology executives expect the high level of external threats to continue, with TEC members responding to a recent survey saying that state-sponsored cyber warfare (32%) and criminal organizations (25%) remain the most dangerous cyber threats. They give the Biden administration decent marks in its cybersecurity efforts so far, with less than 5% of TEC members saying Biden has done a “poor” job on cybersecurity during his first year in office. Thirty-nine percent of respondents said the Biden administration has done a “good job,” while another 9% described its efforts as “excellent.” Another 35% said the administration has done an “average job” when it comes to cybersecurity.