The steady stream of cyberattacks has shown what happens when cybersecurity flaws are not addressed. The consequences can range anywhere from large ransom demands to loss of productivity due to forced shutdowns. Now there is a reckoning with the costs of not fully investing in cybersecurity and an effort to encourage a joint approach.
The Washington Post’s Cybersecurity 202 summarized a report that, prior to the attack that led to system disruptions and a large ransom payment, Colonial Pipeline had turned down the option to have TSA cybersecurity reviews. In fact, the company had postponed such audits three times as it dealt with other priorities like a move and the impacts of the pandemic. While the article states that there is no evidence that having the reviews would have prevented the ransomware attack from happening, the episode does illustrate the potential downsides of relying on a voluntary approach to cybersecurity measures.
Colonial Pipeline is not the only company to put off a focus on cybersecurity, however. According to The New York Times, pushback against cybersecurity regulation has been in play for years as concerns over expense won out. But, recognizing the potential downsides of a voluntary system, the White House recently released a warning that businesses need to adopt “urgent security measures,” as NYT reports. The letter was put out as ransomware attacks such as the Colonial Pipeline incident and the new attack on Cox Media Group are on the rise. Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, outlined the need to ensure that “corporate business functions and manufacturing/production operation are separated.” This would prevent an attack on business records from impacting production. Neuberger also noted that the administration is working on policies addressing the handling of ransomware payments.
As Howard Boville, the head of IBM Hybrid Cloud, put it in a piece for TechCrunch, “Ransomware attacks on the JBS beef plant, and the Colonial Pipeline before it, have sparked a now familiar set of reactions.” Even as there is a move to block such attacks from continuing to happen, the question of why they keep happening is still not fully answered. He proposes that part of the answer lies in “technical debt,” the price paid for relying on software that was put together quickly to meet short-term needs. Boville pointed out that the cyber defenses in place right now are dealing with such issues. He explained that both the public and private sectors are now trying to handle “uncoordinated systems” that use multiple applications across platforms, and this complexity severely hurts the chances of having solid security. To prevent cybersecurity debt, Boville suggested turning to solutions like a unified hybrid cloud infrastructure and confidential computing as well as “public and private collaboration.”
Key Takeaways:
“The Cybersecurity 202: The Biden administration aims big on cybersecurity spending” – Joseph Marks, The Washington Post
- According to a Washington Post report, Colonial Pipeline had turned down the option to have TSA cybersecurity reviews prior to experiencing a ransomware attack.
- The company had postponed such audits three times.
- This may reflect the downsides of relying on a voluntary cybersecurity system.
“White House Warns Companies to Act Now on Ransomware Defenses” – David E. Sanger and Nicole Perlroth, New York Times
https://www.nytimes.com/2021/06/03/us/politics/ransomware-cybersecurity-infrastructure.html
- The White House recently released a warning that businesses need to adopt “urgent security measures,” as NYT reports.
- The letter was put out as ransomware attacks such as the Colonial Pipeline incident and the new attack on Cox Media Group are on the rise.
- Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, outlined the need to ensure that “corporate business functions and manufacturing/production operation are separated.” She also noted that policies are being written on how to address ransomware payments.
“The rise of cybersecurity debt” – Howard Boville, TechCrunch
https://techcrunch.com/2021/06/04/the-rise-of-cybersecurity-debt/
- Howard Boville, the head of IBM Hybrid Cloud, wrote in a piece for TechCrunch, “Ransomware attacks on the JBS beef plant, and the Colonial Pipeline before it, have sparked a now familiar set of reactions.”
- But he explained that we are still seeking to answer why such events keep happening. He suggested it comes down to the debt incurred by relying on quickly assembled cybersecurity applications and an overly complex network.
- He suggested solutions such as a unified hybrid cloud infrastructure and confidential computing as well as “public and private collaboration.”