New Efforts and Challenges in Ransomware Defense
Georgia Tech cybersecurity experts host panel discussion during National Cybersecurity Awareness Month
Cybersecurity continues to be a relevant topic of discussion. On October 25, 2021, Brenden Kuerbis, research scientist within the School of Public Policy at Georgia Tech and instructor in the Online Master of Science in Cybersecurity program, hosted a virtual panel discussion with four experts in the industry to discuss ransomware, national policies, and cybersecurity challenges.
Featured on the panel were Milton Mueller, professor in Georgia Tech’s School of Public Policy and program director for the Policy Track of the Online Master of Science in Cybersecurity program; Nadiya Kostyuk, assistant professor in Georgia Tech’s School of Public Policy; Trevor Lewis, research scientist and penetration tester for the Georgia Tech Research Institute and instructor for Georgia Tech Professional Education (GTPE); and Joseph Jaeger, assistant professor in the School of Cybersecurity and Privacy at Georgia Tech.
Here are some highlights from their conversation.
National Initiatives and Their Implications
The U.S. government recently passed the Cyber Incident Notification Act, which would require federal entities and their contractors as well as “critical infrastructure operators” to disclose cybersecurity breaches to the Department of Homeland Security if passed, and the Ransomware Disclosure Act, which would also require U.S. companies specifically impacted by ransomware attacks to report payments to hackers within 48 hours. The White House has also made more public efforts to collaborate internationally to solve problems in cybersecurity.
According to Mueller, these initiatives are part of a long-standing effort of the federal government to play a bigger role in cybersecurity, but they may be more impressive than effective. Specifically, Mueller expressed concern that adding bureaucratic pressure on organizations already burdened by state and in-house policies may only be counterproductive. However, it may prove helpful to have more consistent statistics about ransomware attacks and attackers across the nation.
Kostyuk explained that these initiatives fall under three categories: one, creating a tighter defense system to make cyberattacks more difficult; two, collaborating with the international community; and three, mandating reporting of cyberattacks.
Like Mueller, Kostyuk was also skeptical about the effectiveness of the federal efforts. Collaborating with other countries may prove to be ineffective simply because most of these countries don’t have the capacity to enact adequate cyber defense measures, so they can’t fully participate in the international discussion.
Also, mandating reports of cyberattacks comes with potential issues of its own. First, reports will always be in some part skewed due to reporting biases. And second, the time-constrained mandate could cause additional problems for victims: they may misreport because of the time rush, or they may prioritize reporting over dealing with the actual cybersecurity issue, or they may face a dilemma as the attacker takes advantage of the victim's position in the ransom.
Underlying these concerns, Kostyuk pointed out, is the problem that many of the conversations surrounding the initiatives aren’t communicating new ideas or forming new perspectives. “I think all of these initiatives are great,” Kostyuk said, “but how effective they are we will need to see. So far, I’m a little bit skeptical because it’s not a lot of new information. A lot of the challenges and information that has been used to address cyber threats in general hasn’t been working that effectively yet.”
Organizations Must Expect the Unexpected
When it comes to guarding against cyber threats on the organizational level, the key is awareness and vigilance. According to Lewis, ransomware attackers often target similar vulnerabilities across organizations, “but sometimes the vulnerabilities, or what allows ransomware to spread and enter into an environment, aren’t what you’d expect.” Attackers may target several isolated areas of an organization that individually do not compromise the security of the organization, but together do.
“You’ve really got to look at the entire path that the ransomware takes to enter into an environment,” Lewis explained. “And that’s what makes it challenging for many organizations. There are so many layers from the outside of the network down to the endpoint, especially in complex enterprise environments.” Organizations should set up connected defense measures at every point of the organization, from the perimeter to the core.
Leveraging Cyber Attackers’ Mistakes
Recently, the idea has circulated in the news that cyberattack victims may be able to leverage mistakes made by cyber attackers to hack into and recover encrypted information. However, Jaeger posited that this defense tactic is not one hundred percent dependable: "As ransomware attacks are becoming more similar across different systems, breaking into their cryptography would be more valuable, but these similarities indicate that ransomware attacking is becoming more streamlined and professional, which decreases the likelihood that they will make mistakes that allow victims to catch them before irremediable damage has been done."
Additionally, ransomware deployers are now taking a dual approach: demanding payment to return the victim’s encrypted information and also threatening to reveal the information. Breaking into their cryptography to recover the information only solves the first of these problems.
Tentative Success
So, while these new initiatives and ideas to strengthen cybersecurity are certainly exciting, their effectiveness is yet to be determined. Ultimately, we will have to see how the future of cyberspace—on the international, national, and organizational level—develops in order to make the changes necessary to ensure effective cybersecurity.
Cybersecurity is one of the fastest growing fields in the tech sector, requiring technical expertise and a broad range of multidisciplinary knowledge. As such, Georgia Tech approaches our cybersecurity training collaboratively, partnering with leading researchers and scientists from the School of Cybersecurity and Privacy and the Georgia Tech Research Institute to build long-term cybersecurity proficiency at the organizational, national, and international level.