May 25, 2021
The Honorable Henry McMaster
Governor, South Carolina
General Keith Alexander
Founder and Co-CEO, IronNet
Lieutenant General Bruce Crawford
Former Chief Information Officer, U.S. Army
Fellow and Chief Scientist, McAfee
Vice President, Cyber Policy and Operations, U.S. Chamber of Commerce
As the U.S. continues its economic recovery from the lasting effects of the coronavirus pandemic, organizations have found ways to keep their data safe from cyber and ransomware attacks — attacks that saw a dramatic uptick throughout the last year. Experts shared their insight into the current state of cybersecurity and how states and businesses can better protect themselves.
Intelligence Sharing Is the Future of Cyber Defense
“If every country [in NATO] was to defend itself and only call other countries after something bad has happened, that would be a catastrophe in the physical world,” he said. “Yet, that’s what we do in the cyber world: every company today defends itself and shares information when it knows what’s going on.”
As a result, there is no “radar picture” for cybersecurity, Alexander added.
“Collective defense helps us bring together a radar picture where we can see collectively what’s going on,” he continued. “In the cyber world, that allows us, at network speed, to share knowledge, to crowdsource, to take advantage of all the people we have [who] are doing cybersecurity. I think that’s the future of cyber defense.”
Cybercrime-as-a-Service Is Fueling the Prevalence of Ransomware Attacks
Experts have found that ransomware attacks are up 300% over the past several months.
“Historically, there was almost a one-to-one relationship between the attacker and the victim,” said Raj Samani, chief scientist and fellow for McAfee. “What’s changed … is you don't need technical skills in order to be part of this ransomware economy.”
Samani added that cybercrime-as-a-service, which involves developers, hackers, and threat actors who sell their hacking tools and services via the dark web, is a prime reason for the increase in cyberattacks.
“These affiliates or partners who effectively go out and carry out attacks for a share of the profits really have enabled this kind of scale,” Samani added.
“I think that we're seeing the targets to be more broad in scope,” added Nitin Natarajan, deputy director of Cybersecurity and Infrastructure Security Agency (CISA). “We're seeing it impact a lot of non-traditional entities that we wouldn't have thought of five-plus years ago.”
Such organizations include hospitals, schools, local governments, and more that lack the resources to handle such an attack.
Small Business Must Practice Strong Authentication, Patching, and Backups
Businesses of all sizes faced an uptick in ransomware attacks during the pandemic, but small businesses, in particular, struggled to mitigate their risks.
“Small businesses were getting attacked and they were having to make split-second decisions about ransomware,” said Kiersten Todt, managing director of Cyber Readiness Institute. “They would either pay to ensure that they didn't disrupt their operations; that they continue to be a part of the supply chains and be economically challenged, or they wouldn't pay and run the risk of being offline for [up to] three days.”
To become more “cyber-ready” and “cyber-resistant,” Todt explained that small businesses can do three things: have strong authentication, have a patching program in place, and ensure a workable backup for immediate access.
“As we look at all of these pieces, we have to look at that prevention, resilience, and readiness,” she said.
South Carolina’s Cybersecurity Initiatives Will Better Protect Its Businesses
Senator Tom Young, Jr. of South Carolina said his state will continue to grow in the cybersecurity sector while better protecting both small to large businesses from cybersecurity threats in two primary ways.
“The first way is by partnering with our smart talent from industry, our educational institutions, and government to better prepare for such cybersecurity events,” he said. “We are working to increase our educational capabilities and awareness throughout the state.”
“The second way to continue the growth is for South Carolina to address the educational gaps and workforce development challenges in the IT sector,” Young continued. “Finally, there are pending bills in the general assembly to assist with the growth and the cybersecurity and technology sector.”
From the Series