Geopolitics, easy money make ransomware attacks an ongoing global threat

Political instability and the ease with which cyber criminals can make money through ransomware are key factors influencing the proliferation of attacks around the world.

This is according to speakers participating in Rubrik’s Data Security Talks EMEA 2022, which focused on the World of 2022 Cyber Warfare.

Geopolitics influences cyber risk

The world of cyber crime is heavily influenced by the world of geopolitics, said Misha Glenny, author of McMafia: A Journey Through the Global Criminal Underworld and Dark Market.

He outlined the growth of cyber crime operations and their relationship with nation states over the past 20 years, as well as the impact of the Russian invasion of Ukraine on global cyber crime and political engagement around cyber crime.

“After the ransomware attack on the Colonial Pipeline in the US, American President Joe Biden interpreted it as an attack on critical national infrastructure,” he said. Glenny noted that Biden had raised the issue during a summit with Russian President Vladimir Putin, after which the hackers had removed their malware and repaid the ransom. “We suspect the Kremlin ordered DarkSide to stop the attack straight away and pay back the money. This attack may have been a bridge too far – the criminal group had started to interfere too deeply in politics,” he said.

“Governments can only do a certain amount. They can alert businesses to where attacks are happening, what they are and facilitate co-operation. But it is down to every company to have the right digital hygiene and cyber security regimes in place. They also have to keep up to date with what is happening around the world, where attacks are coming from and what geopolitical developments will mean for your company,” he said.

New approach needed

James Hughes, Vice-President and Enterprise CTO at Rubrik, and Rubrik CISO, Michael Mestrovich, said the ever-evolving cyber security landscape required a new approach to security.

Mestrovich said: “We are seeing a rapid increase in ransomware attacks, a lot of them against critical infrastructure and services citizens depend on – medical and healthcare, transportation, fuels and schools. There are moves towards greater partnership between the public and private sectors to protect critical services and infrastructure.”

He noted: “Ransomware is quick and easy money for cyber attackers. The rise of crypto-currency has helped further this along because it's relatively easy to pay cyber criminals with crypto-currency. A lot of organisations think they have a plan for a cyber event, but they don’t often practise that plan. You need it to be well practised and the routine should be understood.”

Hughes said: “Within the EU and Europe, there are sophisticated data governance rules and regulations, and most organisations carry out disaster recovery and business continuity tests in line with data protection best practice, but these aren’t really wartime scenarios. What we’re seeing now is the regulators stepping in to insist organisations do things properly. In terms of spend on security, there is no lack of investment in tools, but considerably less investment on impact. There needs to be a realisation that something will get through and organisations need to be prepared.”

Mestrovich added: “Organisations need new approaches to security. Cyber defenders have to be 100% accurate, and this takes an enormous amount of time, effort and training. Beyond that, they also have to account for all their employees and ensure they don’t take bad actions. Organisations must build resiliency to limit lateral movement, understand where the threat actor is and ensure that their data is protected. They need to be able to recover from an event – at the same time as they are quarantining and evicting the cyber attacker. This means IT operations teams and cyber security teams need to work together with common tools and platforms.”

Steve Pitcher, IT Infrastructure Architect at Close Brothers, said: “The focus needs to be on how to recover, and having the tools and processes in place. Organisations must consider the value their data has for the business from both a regulatory and a customer point of view.”

Christopher Fuessnet, Security Cloud Solution Architect at Microsoft, said: “In the past six to seven years, we have seen more ransomware, and in the past two years we are seeing increased frequency and scope of attacks. The techniques aren’t new, but are evolving and becoming more professional and targeted.

“As a cloud service provider, Microsoft has a shared responsibility for security and the customer has some obligations. We have good frameworks to help the customer find guardrails, enforce encryption and broadly support security,” Fuessnet said.

Microsoft has numerous security offerings, with zero trust, adaptive access and assumed breach core to its approach to security tools, he explained.

Microsoft invested in Rubrik in 2021, to reinforce its own zero trust strategy, and this year Rubrik joined the Microsoft Intelligent Security Association ecosystem.

Editorial contacts

Jon Bawden
Sr. Director of Global Communications, Rubrik
kelsey.shively@rubrik.com