Discover how Zero Trust Network Access delivers fast, reliable web application access

Back to blog

How ransomware is creating security-conscious governments

Share this article

Ahead of any battle on the global stage, there’s typically a pivotal moment or event—a Pearl Harbor or a 9/11—that galvanizes the world to take action in a meaningful way.

In the war on ransomware, that galvanizing event has instead been a series of events—a rapid succession of cyberattacks that laid low a U.S. pipeline, shut down JBS meat processing plants in the U.S. and abroad, threatened supply chain operations by impacting 1,500 organizations through an assault on Kaseya, and took down an Irish health care system—and these attacks show no sign of letting up anytime soon, or at all.

The spigot on the Colonial Pipeline had barely been turned back on before the Biden administration began announcing a number of actions government would take to build resiliency by promoting strong cybersecurity hygiene to thwart further attacks. First out of the gate was an executive order that requires software vendors to quickly report breaches and brings the full weight of the Defense Department’s purchasing power to bear—software contractors must meet cybersecurity requirements or forget about doing business with the U.S. government.

Even as the administration was prioritizing cybersecurity within government—tapping some of the brightest luminaries in the public and private sectors—it unveiled a StopRansomware.gov initiative to help businesses, organizations, and individuals mitigate ransomware risk.

Those efforts were backed with some tough talk to the miscreants who perpetrate those attacks and the countries like Russia and China that harbor them. President Biden promised significant consequences, even leaving a kinetic response to attacks on the table, and a call for nations around the world to join forces with the United States to fight ransomware.

The world has responded

Already alarmed by the frequency and intensity of damaging ransomware attacks, particularly as the pandemic left organizations around the world vulnerable, other nations have responded with their own initiatives and have allied themselves with the United States and others to do battle.

Good. Because the fight against ransomware—and the effort to build cybersecurity resilience—truly takes a global village, to both rout out threat actors and spurn future attacks.

This is not the first time that governments around the world have pledged to battle ransomware. In 2016, law enforcement from 41 countries joined together to create a united front against threat actors. But despite crippling attacks like WannaCry in the following years, such alliances have faded to the background. This time it’s different—the Harvard Business Review (HBR) says ransomware attacks were up 150 percent in 2020, with a “dramatic increase” in 2021. These attacks are aimed at private companies, governments—particularly municipalities—and critical infrastructure. And they’re not only costly—HBR says the ransom amounts paid increased 300 percent—they also pose severe economic and geopolitical threats.

Why governments mean business this time

There’s evidence this time around that alarmed governments worldwide have become genuinely security conscious and are taking these threats seriously. The spirit of cooperation is also running high in real terms.

For instance, as an outcome of Vice President Kamala Harris’s late August visit to Singapore, where the number of cyberattacks grew 135 percent between 2019 and 2020, the country expanded its existing cooperation on cybersecurity with the United States to include critical technologies as well as research and development. David Koh, chief executive of the Cyber Security Agency of Singapore (CSA), Singapore’s equivalent of the U.S. Cybersecurity and Infrastructure Agency (CISA), made note at the time of both countries’ “deep mutual interests in enhancing cybersecurity cooperation.”

In South Korea, the Ministry of Science and ICT said it would offer small businesses data encryption, backup, and restoration systems so they could bring their systems back online after ransomware attacks. And an early September meeting brought UK National Cyber Security Centre (NCSC) CEO Lindy Cameron and CISA Director Jan Easterly together in London to commit to work together, along with industry, to defend against ransomware and other cyberattacks. This follows the EU’s pledge to collaborate with the United States “through law enforcement action, raising public awareness on how to protect networks as well as the risk of paying the criminals responsible, and to encourage those states that turn a blind eye to this crime to arrest and extradite or effectively prosecute criminals on their territory.”

Still, there is much more work to be done. The World Economic Forum (WEF) has called on governments to prioritize ransomware and back that with a comprehensive and resourced strategy, create cyber response and recovery funds, coordinate efforts to develop a single and widely adopted Ransomware Framework, and regulate the cryptocurrency sector more closely.

Leading by example

In the United States, much of that work is ongoing. The Defense Information Systems Agency (DISA) Cloud-Based Internet Isolation (CBII) Program is well underway. At the heart of CBII is a next-generation isolation platform meant to protect Defense Department networks around the globe.

The objective for DISA is to enable safe Internet and web browsing and remote user access, assuming a proactive rather than the typically reactive posture.

Ransomware is such a vast and urgent problem that it’s understandable that newly security-conscious governments may not know where to start. But a good first step is to adopt a Zero Trust model. True Zero Trust means no one is trusted. Ever. Until they’re verified. Not only does Zero Trust require a tech fix, it also requires changes in process and mindset. And those changes don’t happen overnight—they take time.

Isolation is also a critical piece of the security puzzle that governments must consider, because it frees up users to access the Internet and work safely online. Users can work anywhere and use any device safely, without risk to the corporate network or their devices.

And as organizations seek more holistic solutions and governments collaborate on a common enemy—ransomware—integration of security solutions should be a priority. Having all solutions work seamlessly together is critical to the layered security necessary to battle threats like ransomware.

Share this article

Make the secure way to work the only way to work.

To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.