Ransomware as a national threat
Here are some highlights from the article (click Read More below for full article)
Ransomware attacks targeting critical infrastructure are elevated to a national intelligence priority, equating them to acts of terrorism.
“Ransomware is now an extremely lucrative business. In the first half of 2024, ransomware victims paid an astonishing $459.8 million to cybercriminals, setting the stage for a potentially record-breaking year. The ransomware business has gone from demanding extortion payments of $3.6 million in 2017 at Hollywood Presbyterian Medical Center to $240 million in 2021 with an attack on MediaMarkt, Europe’s largest consumer electronics retailer. Attackers have become bolder and more demanding as they realize the lucrative nature of extortion. That and the fact that most victims are ill-prepared for this sort of attack despite multiple decades of warnings from cybersecurity and law enforcement leaders, along with growing cyberattacks against business.
“There needs to be better corporate accountability, and that means CISOs need to fully document decisions by CEOs and boards to accept risks that are against the recommendation of company security leaders and experts. CISOs also need to ensure that their employment contracts include provision for independent legal representation for any security incident that may be blamed upon them, and for a period well after they have left their positions. This needs to include their time and expenses to attend court hearings and government committees of inquiry.
“Also driving the growth in cyberattacks is the lack of cost or risk imposed on perpetrators of these crimes. Russia, China, Iran, and North Korea lack extradition treaties with the West and fail to recognize many cyberattacks as criminal activity.