Editor’s Note: Camille Stewart is a cyber fellow at Harvard University’s Belfer Center for Science and International Affairs. She served as senior policy adviser for cyber infrastructure and resilience policy at the Department of Homeland Security under President Barack Obama. Follow her @CamilleEsq. The views expressed in this commentary belong to the author. View more opinion at CNN.
Many people assume that a cyberattack is orchestrated by a lone wolf or a nation-state hacking into systems that have nothing to do with them. They often assume that their information and systems are not valuable enough to be a target.
The truth is that attackers have built a profitable illicit business model driven by financial gain which means no one is safe if there is money to be made. Ransomware is not going anywhere and will only continue to grow in size, sophistication, and severity without a coordinated, comprehensive, “whole of society” response.
c/o Camille Stewart
Individuals, small businesses, hospitals, school districts, city governments and countless other organizations are a constant target. The recent ransomware attacks on public infrastructure like Colonial Pipeline — which shut down one of America’s largest pipelines creating fear of access to fuel — and large food suppliers like JBS affected operations such that everyone is aware of the vulnerability of our most critical sectors. This awareness is an opportunity for individuals, organizations and the government to work together to combat this growing and evolving threat that endangers our national, domestic and economic security.
Cybersecurity is an area where the action or inaction of an individual has a direct link to national and international outcomes. Many of the most crippling attacks are often traced back to the digital security practices of an individual or gap in an organization’s security program. Take the Colonial Pipeline attack, for instance. Experts recently confirmed the Colonial Pipeline ransomware attack began with a compromised password, which provided access to Colonial’s networks via an account not currently in use and not secured by an extra protection mechanism known as multifactor (or two-factor) authentication.
Organizations of all sizes should support their teams through training, policies, and a comprehensive security program but the commitment of the individual to good digital security is incredibly important. Good digital security, specifically not reusing passwords, disabling inactive accounts and leveraging multifactor authentication, would have helped prevent the Colonial attack.
We must all recognize that our individual actions are directly linked to large-scale outcomes where technology and digital security are concerned. Your good digital security practices help prevent attacks that can affect access to critical services for millions of people.
I encourage individuals and businesses of any size to not reuse passwords, create strong passwords, use multi-factor authentication, back up data, update software, and generally practice good digital security. But that is just one piece of the work that needs to be done.
The federal government has an important role in driving the coordination and collaboration necessary to combat the ransomware threat. As cybercriminals continue to evolve their business model, the scale grows and it becomes easier for anyone to leverage ransomware to seek monetary gain and wage crippling attacks on critical systems. More importantly, the blurred lines between nation-state activity and cybercriminals makes stemming this kind of cybercrime even more difficult.
The response to the recent wave of visible, costly, and disruptive ransomware attacks involves and must include the entire federal government. The US Department of Homeland Security’s ransomware task force, the US Department of Justice’s task force and the Justice Department’s recent decision to elevate ransomware to a similar priority as terrorism are important steps in coordinating the deterrence, disruption, response and resilience efforts necessary to combat this threat.
The US government and its allies must work together to deter ransomware attacks and push international cooperation to identify and extradite criminals for prosecution. Significant effort must be put into disrupting and dismantling the business model of ransomware by impeding access to funds, transparency and reporting requirements for attacks and any payments made to attackers, prosecuting criminals, and dismantling ransomware infrastructure.
We need a national response strategy that facilitates signal sharing, reduces likelihood of payment, and clarifies reporting channels and support options for affected entities. The strategy would build resilience by supporting organizations of all sizes in preparing for ransomware attacks, promote good digital security, and provide incentives for minimum cybersecurity for critical infrastructure.
Get our free weekly newsletter
This work requires public and private collaboration to be most effective.
Absent individual and organizational action to employ good digital security and a comprehensive whole of society approach to address ransomware, we are facing a future where ransomware will continue to escalate. This escalation has the potential to not just spike gas prices and slow access to your favorite deli meat but impair small businesses, lead to the crippling of critical support services and operations like health care and electricity, and potentially even harm to or loss of human life.
The ransomware threat is not going away. Let’s work together to defeat it.