Security Alert: The Anti-Alfred E. Newman Effect
August 9, 2021 Alex Woodie
For years, business leaders resembled Alfred E. Newman when it came to security. If “What, me worry?” wasn’t their motto, then it was something awfully close. But amid a slew of high-profile cyberattacks on the nation’s infrastructure, corporate and government officials are – finally – starting to get the message.
“The Summer of Ransomware” began in May 2021, when a ransomware attack forced the shutdown of the largest gasoline pipeline on the East Coast. That attack was followed by several other high-profile attacks that shut down schools, meat processing plants, and healthcare networks in the U.S. and Western Europe. There has also been a slew of lower-profile attacks on midsize businesses (including IBM i shops) that have largely flown under the national radar.
But signs of the ransomware surge were evident as far back as the fall of 2020, when cybersecurity companies detected a rapid uptick in online threats. Bitdefender, for example, documented a 715 percent increase in ransomware from the first half of 2019 to the first half of 2020. Various federal agencies, including the FBI, Health and Human Services, and the Cybersecurity and Infrastructure Security Agency (CISA), noted the increased activity, with CISA warning of an “increased and imminent cybercrime threat” to American hospitals in October.
The recent ransomware surge has brought several new elements to what has been a decades-long cat-and-mouse game between cybercriminals and the CISOs of corporate and government IT departments. That includes the rise of so-called supply chain attacks, such as the REvil ransomware group’s successful exploitation of a vulnerability in Kaseya’s VSA software to push ransomware to the customers of managed service providers, as well as the SolarWinds cyberattack, in which a trojanized software update gave the intruders a foothold from which they forged authentication tokens, bypassing multi-factor authentication to steal information.
What is not new? The fact that malicious hackers working for foreign adversaries are behind these attacks. The REvil ransomware group and Cozy Bear (which is suspected of being behind the SolarWinds attack) both originated in Russia, presumably with the support, or at the very least the indifference, of the Russian government.
There’s one more thing that is new: It’s finally getting the attention of decision-makers. With ransomware and other cyberattacks on the rise, the boards of American companies and top executives in the government are speaking out about the need to improve cyber defenses.
The concerns have gone to the top. In May, President Joe Biden issued an executive order to improve the country’s cybersecurity. “The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace,” he wrote.
Then in July, Biden asked his intelligence agencies to investigate the REvil group’s Kaseya supply chain attack, which reportedly impacted systems at up to 1,500 downstream organizations just before the July 4th holiday weekend. The attack came just weeks after Biden urged Russian President Vladimir Putin to crack down on ransomware gangs operating from Russia, and warned of consequences if such attacks continued to proliferate.
It’s not clear whether the United States retaliated against the governments of Russia or China, which U.S. officials suspect of harboring the hackers who attacked on-premises Microsoft Exchange servers and perpetrated other ransomware attacks. While the response is not clear, what is clear is that the message is getting through: cybersecurity is a major problem.
One of the ways to protect data and applications today (besides running them on highly secure IBM i systems) is to run them in a modern cloud infrastructure. While companies had previously been concerned about the security protections available in the cloud, they now often view the cloud as having better security than what they can provide on-prem.
According to a recent survey from IBM, security is both a barrier and a driver to cloud adoption, at least in the government. The study of government IT managers found that 75 percent of respondents cited migrating and managing data from legacy systems to the cloud as a challenge for their current or former agency, with security cited as the top barrier but also as a main driver.
“With the President’s executive orders, the U.S. Federal market is facing a massive transformation to its cybersecurity strategy which requires a great deal of technological modernization,” stated Howard Boville, head of IBM Cloud Platform. “Enterprise technology providers are stewards of massive volumes of personal data, and we need to do our utmost to protect this data.”
A considerable share of large companies’ digital assets resides on IBM i systems, so it goes without saying that these enterprises must improve their IBM i security postures as well. The poor security practices of IBM i shops have been well documented by HelpSystems subsidiary PowerTech in its State of IBM i Security reports. With the increased frequency of cyberattacks at companies large and small, those findings should serve as a wake-up call for IT managers and CISOs.
It’s all about de-risking your system, says Carol Woodbury, a co-founder of DXR Security and an IBM i security expert. Woodbury has dealt with a number of actual malware attacks on IBM i shops, and during a recent webinar with Precisely she encouraged viewers to put themselves in the shoes of IT shops whose entire data center has been impacted by malware.
“Think about it: If your entire infrastructure was infected with some type of malware, be it ransomware or something else, what would the outage be to your business? And how much would you have to do . . . to recover to come up and be back in business?” Woodbury said. “That’s the type of business disruption I’m talking about, and that’s the type of business disruption we want to avoid. This is all about reducing risk. Getting down that risk to something that is much more manageable and is not your entire data center.”
That’s a lot to worry about. And it’s not a bad thing.