The United States is at a crossroads – one that is silently shaping the future of our businesses, local governments, schools and households, and whose effects are being felt by residents across Texas. This crossroads, a foe that is constantly advancing in ways we’ve never seen before, shows no concern for others or their losses and is widely driven by those residing on foreign soil.
This foe, a form of cybercrime known as ransomware, reportedly executed a coordinated attack against 23 towns in Texas earlier this week, costing the state at least $12 million. Before it’s too late, we must get tough, take these attacks seriously, and work together to strengthen the resilience of America’s cybersecurity infrastructure.
The reality is, for decades, cybercriminals have been targeting U.S. soil. In their earliest days, the attacks infected home computers in hopes of obtaining personal information and scamming users out of their hard-earned money. Since then, the enemy has advanced to additional scams, advanced viruses and now ransomware, malicious software that encrypts user data and demands a ransom to restore systems. Initially, ransoms were relatively affordable, and when paid, the chances of getting all of your information back were pretty high. Today, ransoms can cost millions of dollars.
As the former U.S. attorney for the Southern District of Iowa, I saw how ransomware and malware attacks can plague a state at all levels. As the acting attorney general of the United States in late 2018 and early 2019, I witnessed the evolution of cybercrime methodology, the advanced frequency and the increased sophistication of malicious coding.
This problem has evolved and quickly gotten out of hand. Rather than targeting home users, cybercriminals have now begun targeting airports and hospitals, cities and counties, businesses and government agencies.
In fact, this year alone, we’ve seen hundreds of cyberattacks, including a ransomware attack that crippled the city of Baltimore’s operations for weeks, an attack that hit a small rural county in Florida, ultimately resulting in payment of a ransom of over $600,000, and most recently, a coordinated string of attacks that targeted 23 towns in Texas.
On top of the increase in frequency of these attacks, finding these criminals has proven increasingly difficult over the years. While at the Department of Justice, I worked with Homeland Security to bring charges against foreign nations that executed attacks against our country and businesses to steal trade secret information for financial gain. However, several hacking groups have yet to be apprehended. With cybercrime damages projected in a recent study conducted by Cybersecurity Ventures to reach $6 trillion by 2021, it’s imperative our nation’s government, businesses, educational institutions, and citizens begin taking on a new approach to cybersecurity.
First, users need to ensure their operating system and all of their third-party applications are up to date. If they are outdated, security holes are left unpatched, and users are leaving the back door wide open for cybercriminals.
Second, we must begin to take a proactive approach to security. Often, security solution providers use a reactive approach to security, meaning the software blocks only known bad files and permits all other unknown files to install. Based on industry research, this approach is no longer feasible.
For this reason, the National Institute of Science and Technology, the FBI, and NSA have all encouraged the use of application whitelisting. By using a whitelist, the device will only be allowed to run known, trusted programs. This means, even if the enemy found a way to worm their way into the server or computer, they couldn’t install anything malicious, because only good programs and files can run. Use of such techniques will significantly drive down the number of successful attacks we see moving forward.
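To make the difference between the reactive approach and whitelisting concrete, here is an added example (not part of the original article) that runs the same four programs through both policies. The byte strings are constructed stand-ins for executables, and identifying a program by its SHA-256 hash is an assumption of this sketch.

```python
import hashlib


def sha256(data: bytes) -> str:
    """Fingerprint a program by the SHA-256 hash of its contents."""
    return hashlib.sha256(data).hexdigest()


# Constructed samples: byte strings standing in for executables on disk.
TRUSTED_EDITOR = b"constructed sample: trusted text editor v1"
TRUSTED_BACKUP = b"constructed sample: trusted backup agent v3"
KNOWN_BAD = b"constructed sample: malware the vendor has already catalogued"
NEW_UNKNOWN = b"constructed sample: ransomware build nobody has seen before"
TAMPERED_EDITOR = TRUSTED_EDITOR + b" + injected code"

# Reactive policy data: hashes of files already known to be bad.
BLOCKLIST = {sha256(KNOWN_BAD)}
# Whitelisting policy data: hashes of the only programs approved to run.
ALLOWLIST = {sha256(TRUSTED_EDITOR), sha256(TRUSTED_BACKUP)}


def reactive_allows(program: bytes) -> bool:
    """Default-allow: anything not on the known-bad list may run."""
    return sha256(program) not in BLOCKLIST


def whitelist_allows(program: bytes) -> bool:
    """Default-deny: only programs on the approved list may run."""
    return sha256(program) in ALLOWLIST


SAMPLES = {
    "trusted_editor": TRUSTED_EDITOR,
    "known_bad": KNOWN_BAD,
    "new_unknown": NEW_UNKNOWN,
    "tampered_editor": TAMPERED_EDITOR,
}


def compare(samples: dict) -> dict:
    """Return {name: (reactive decision, whitelist decision)} per sample."""
    return {name: (reactive_allows(data), whitelist_allows(data))
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, (reactive, whitelist) in compare(SAMPLES).items():
        print(f"{name:16} reactive={'run' if reactive else 'block'}  "
              f"whitelist={'run' if whitelist else 'block'}")
```

The never-before-seen sample and the modified copy of a trusted program both pass the reactive check and are both stopped by the whitelist, because neither hash is on the approved list.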
The third key is education. Knowing what today’s threats are, and the red flags to spot them, will help decrease the likelihood of unintentionally downloading a malicious attachment or clicking on a malicious link.
Lastly, proper password hygiene is critical. This requires using complex passwords, including capital and lower-case letters, numbers and special characters. These passwords should also not be written down. Alternatively, users can utilize a password vault to manage and protect all of their passwords for each account. Passwords should also not be used across multiple accounts, personal or professional, and should be updated every six weeks.
Cybersecurity is far from a simple issue. We cannot simply implement two steps and be perfectly secure from attacks. It will take a larger emphasis on user training, implementing best practice backups, increasing password hygiene, and more to win this war. The war we’re fighting is against an adversary that is well-funded, well-educated, and skilled at their craft. This will take action from public and private organizations of all sizes.
By working together, placing a greater emphasis on cybersecurity, and getting tough on cybercrime, we can defeat cybercriminals once and for all.