COLUMN: Recent attacks force businesses to view cybersecurity with a wider lens

COLUMN: Recent attacks force businesses to view cybersecurity with a wider lens


San José, the capital of Costa Rica, is seen in this photo cropped from wikipedia user ArquiWHAT. Costa Rica declared a national emergency after a cyberattack last week.

Last week, Costa Rica declared a national emergency following a widespread series of ransomware-based cyber attacks that paralyzed infrastructure across the country. The incident, according to several reports, has raised concerns among regulators and government officials that other municipalities or entire countries could face a time of widespread inactivity of critical services after a cyberattack.

The New York Times reported on May 17 that the incident was likely perpetrated by a Russian “cartel”, possibly in retaliation for Costa Rican government support in Ukraine. The country’s president told reporters the attack dates back to April 12, when a ransomware gang stormed the Ministry of Finance, which hosts Costa Rica’s tax agency. The ransomware spread to other government agencies, significantly affecting telecommunications and technology services. So far, the government has said it has not paid and will not pay a ransom claim to the attackers.

Emsisoft has estimated that ransomware attacks cost the victims more than US $ 600 million last year. But the attack on the Costa Rican government is the largest criminal ransomware attack known to date against a country’s government. Costa Rican residents were even forced to fight to pay their taxes on hand last week after the ransomware cyber attack toppled the country’s online tax collection system.

The attacks have also had a “huge” impact on the country’s foreign trade system, according to Central American President Rodrigo Chaves, who publicly acknowledged the enormity of the crisis in comments to reporters just a week after invested as president. .

The incident presents the usual “lessons learned” in ransomware: Networking with strong segmentation can help contain ransomware attacks and others that spread easily between departments; and adequate backups to restore service after an outage. Public-private partnerships can also help fill the knowledge gaps between the types of attacks observed by companies and those experienced by governments.

While these steps may help prevent this incident, we all know that there is a shortage of talent, a shortage of time, and a shortage of money that prevent governments of all kinds (local, state, or federal) from taking action to prevent this. a particular attacker, as is the case here.

This leaves an important lesson for companies: a forward-looking disaster recovery strategy may need to include preparation not only for a direct cyberattack on the company, but also for a successful attack on the company’s infrastructure. which the company is based on. With telecommunications, utilities, police, fire and other utilities deeply affected in Costa Rica, companies will also face short-term uncertainty.

This type of scenario has already happened in the United States before in the big cities: in 2020, Baltimore was the target of ransomware attacks that paralyzed the city’s services and leaked into the local economy: the Real estate transactions stalled for a few weeks and water service companies could not. do not process transactions.

All these incidents remind us that protecting companies from cyberattacks will continue to be much more than the responsibility of every business, government agency or service provider, but a problem that launches a very wide network into all parts of the economy.


Kate Fazzini is CEO of Flore Albo LLC, Associate Professor of Cybersecurity at Georgetown University, author of Realm of lies: disturbing adventures in the world of cybercrime and has been a cybersecurity reporter for The Wall Street Journal and CNBC.

John Shegerian is co – founder and president / CEO of ERI, the leading provider of fully integrated computer and electronic asset disposal in the country and a hardware destruction company focused on cybersecurity. Business Journal readers can visit it eridirect.com/insecurity-of-everything-book/ to receive a free copy of John’s new book, The insecurity of everything.





Source link

Related post

EDUCAUSE 2022: How Data Collection Can Improve Student and Faculty IT Support

EDUCAUSE 2022: How Data Collection Can Improve Student and…

At Indiana University, Gladdin said, to make life easier for students and faculty, they implemented a course template for the Canvas…
UGC, AICTE warn students against online PhD programmes offered by EdTech platforms | Latest News India

UGC, AICTE warn students against online PhD programmes offered…

The University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) on Friday issued a joint advisory against…
UGC, AICTE warn students against online PhD programmes offered by EdTech platforms | Latest News India

UGC, AICTE warn students against online PhD programmes offered…

The University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) on Friday issued a joint advisory against…

Leave a Reply

Your email address will not be published.