Chair: Professor Martin Gill
Panellists:
Dr. Mark H. Beaudry – Assistant Professor, Criminal Justice & Security Studies, cyber security, criminology at Worcester State University (US)
Andrew J. Peden – CEO at L5L Solutions (US)
Antoinette King – Founder of Credo Cyber Consulting
Key points
Mark Beaudry starts by noting that the cost to victims of attacks has dramatically increased to $21 billion and is set to rise to $265 billion. You will hear Mark outline two different types of attacks, which include being denied access to files. He identifies four nation states that are recognised for the cyber-attack threats they pose, namely China and Russia, where intellectual property theft looms large; North Korea, which attacks financial institutions and cryptocurrencies; and Iran, which is growing in significance, with both its intelligence agency and revolutionary guards attacking the critical infrastructure of nations. Moreover, nation states are linking up with criminal groups to help disguise their activities and increasingly attack cryptocurrency and NFTs. The platforms on which blockchain is based create vulnerabilities here too.[1] We are reminded that the key problem is email compromise and that a major issue is the failure of organisations to upgrade defences because the costs are seen as too high. Meanwhile, criminals can buy what they need cheaply on the dark web.
Antoinette King notes that since Covid there has been a massive increase in attacks. Individuals migrated to a new work environment as people worked from home, thereby creating a bigger attack surface. Moreover, the nature of attacks has changed: previously nation states attacked military and state targets, but now they have a broader focus which includes individuals. As such, responsibility for protection has moved to citizens; the state cannot do it all. You will hear Antoinette discuss a range of issues, including the human element as a key feature in understanding protection; the lack of sharing between the public and private sectors, leaving gaps that make it easy for attackers; and, offering a historical perspective, how current threats and responses have been following a pattern. Meanwhile, and as an example, IoT devices are being sold without sufficient attention to security, and in any case consumers are being desensitised to the threat. On another level, countries are not concerned about the sanctions being imposed; it is tempting to conclude that offenders are running amok.
Andrew J. Peden reminds us that there are a lot of targets; 4 billion people are connected to the internet. Many of the strategies being adopted are failed ones; the world has not adapted and there is a need to change mindsets. Andrew spends time telling us about the availability of response frameworks that can be used and the process, which will be familiar to all security professionals, since in essence good practice starts with understanding the threat as a precursor to building a response. Andrew shifts blame away from cyber security professionals for the state of things but feels company Boards, though well intentioned, need to show more ownership of the threats here, while governments have failed to lead. You will hear an interesting discussion about security as a business enabler rather than a cost to organisations; about the merits of paying ransoms against the dangers of doing so; and about the value of insurance, which really is a case of buyer beware.
At the end of the webinar, panellists were asked what they saw as the key strategic needs to tackle ransomware attacks going forward. Andrew focussed on bridging the public and private partnership gap; Antoinette on educating people to understand cyber risks and what their role is, and should be, both at work and at home. Mark noted there are 300,000 cyber security jobs available and that is expected to reach about 30 million in a few years. Clearly advice we should heed.
Martin Gill
8th September 2022
[1] For an excellent description of the issues around hacking blockchain, Mark recommends this link: https://www.techopedia.com/can-the-blockchain-be-hacked/2/33623