On May 30, cyber attackers targeted JBS, the largest meat producer in the world. The attack prompted JBS to halt meat processing at all of its U.S. beef processing plants on June 1. Hackers facilitated the attack only weeks after a similar ransomware operation on Colonial Pipeline, which operates the largest pipeline system for refined oil products in the United States, caused a two-week fuel supply disruption on the East Coast and subsequent panic buying of gasoline.
Cyber hackers are increasingly engaging in attacks that hone in on the basics of daily life in the United States and around the world. By targeting food, gas, transportation, hospitals and water, ransomware attacks are spelling a crisis.
Ransomware, one of the most prevalent and harmful types of malware (i.e., weaponized software), is a class of hostile computer code that restricts the victim’s access to its network’s files. Using ransomware, attackers pressure victims into paying for the release of the information, demanding payment in the form of digital currencies, such as bitcoin. More recently, hackers have been stealing information and threatening to release or sell it, thus intensifying the coercion victims face to pay a ransom. However, the damage does not stop there. There are myriad risks organizations face when dealing with ransomware attacks:
- Loss of data
- Payments made to hackers
- Expensive insurance premiums and payouts
- System repair or damage control
- Disruptions to business operations
- Harm to organizational reputation
- Hiring of cyberforensics firms to launch an investigation
- Cost of training employees post attack
A Mounting Threat
Those at the forefront of cybersecurity and the security intelligence community have been warning the public and private sectors about the increasing threat of cyberattacks for years. In 2013, the U.S. intelligence community revealed that hostile intelligence agencies in China, Russia, and potentially Iran possess the capabilities necessary to interfere with the U.S. electric grid and distribution of crucial goods and services. In an open memo issued from the White House in early June, the National Security Council’s highest-ranking cybersecurity executive, Anne Neuberger, said, “No company is safe from being targeted by ransomware, regardless of size or location.”
As predicted, ransomware attacks have increased three-fold in the past year. Moreover, Cybersecurity Ventures, a prominent publisher and researcher covering the worldwide cyber environment, approximates that the financial costs of ransomware attacks will be 57 times higher in 2021 than they were in 2015. There are several factors contributing to the proliferation of ransomware attacks:
- High profit margins among companies
- Limited criminal ramifications for cyber attackers
- Convenience of payments via digital currencies
- An expanding supply of targets as organizational systems are becoming more connected, thus enabling remote access
Action and Inaction
When it comes to the priorities of the U.S. Department of Justice (DOJ), the agency has categorized ransomware attacks at the same level as terrorism. The FBI, moreover, is currently investigating around 100 types of ransomware, but there is a collective responsibility to act. The U.S. government has not passed significant cybersecurity legislation in two decades. Recent attacks are primarily targeting the private sector, which operates with minimal federal oversight. At times, corporate executives are not well versed in cybersecurity language and processes, reducing the chance that executives will act on the threats on their own accord.
The prevailing viewpoint is that the technology to combat cyberattacks, including ransomware, does exist. What is not always available is the determination and understanding to implement it. However, the public and private sectors cannot protect themselves by simply patching up issues. There must be a major system overhaul to neutralize the attacks.
By: Remi Nathanson
Sign up to our newsletter
Halftime Report: 5 Procurement Trends in the Second Half of 2021
Procurement departments and buyers that embrace proactive spending strategies are better equipped to reinforce supply chain resiliency in their organizations.
Chinese Telecom Equipment Vendors Face Trouble in the United States
Procurement professionals should examine the increasing risks when sourcing telecom equipment and services from Chinese companies, including regulatory compliance risks, intellectual property infringement, quality failures and political risks.