
Cyber Security

The Biden-Harris Administration has released the 2023 National Cybersecurity Strategy (NCS), which you can read online here. The purpose of this strategy is to ensure a ‘safe and secure digital ecosystem’ for all Americans. These efforts build on the 2018 NCS, as well as Biden’s Executive Orders, Department of Justice (DOJ) law enforcement activities, and departmental efforts to increase cybersecurity standards.

The new strategy shifts the roles, responsibilities, and resources required in cybersecurity, and it recognizes the need for long-term investments in resilient infrastructure. The new strategy specifically calls out autocratic states that use cyber capabilities in ways that threaten U.S. national security and economic prosperity. These nation-states use malicious actors to gather intelligence, steal high-value data, and use extortion to generate revenue for military and nuclear ambitions. This is detailed in Strategic Objective 2.5 (p. 21), which declares the intention to attack the ransomware epidemic that is crippling infrastructures, governments, hospitals, and every other type of organization you can imagine.

The strategy identifies four lines of effort to protect the country from ransomware attacks (p. 21):

  1. Leveraging international cooperation to disrupt the ransomware ecosystem and isolate those countries that provide safe havens for criminals.
  2. Investigating ransomware crimes and using law enforcement and other authorities to disrupt ransomware infrastructure and actors.
  3. Bolstering critical infrastructure resilience to withstand ransomware attacks.
  4. Addressing the abuse of virtual currency to launder ransom payments.

Barracuda recognized ransomware as a national security issue several years ago. Organized cybercrime gangs made it clear that they have no regard for humanity when they increased their global attacks during the pandemic. They have proven to us that everyone is a target, regardless of the organization’s size or purpose.

Growing threat from foreign actors

In addition to stealing revenue for a state sponsor, threat actors may be determined to simply destroy the victim’s data. One example of this was the wiperware used against Ukraine in January 2022. These attacks were designed to disable critical systems just before the Russian invasion. The U.S. government maintains several websites on Russian cyberthreats to the U.S. and other countries. Wiperware is often disguised as ransomware to distract victims. By letting victims think they can negotiate a decryption key, the criminals may get more time to keep destroying data.

Another goal of foreign actors is to steal information from intelligence agencies and research teams. The University of Hawaii, MIT, and several other universities were targeted in attacks designed to steal research meant for U.S. military use. This is in addition to the ongoing threats against the U.S. Department of Defense and other agencies of the U.S. government.

The importance of XDR, SOC, and collaboration

Defending against foreign actors and other ransomware gangs is a non-stop effort across multiple threat vectors. It is not enough to defend a single attack surface, because ransomware gangs have learned how to exploit vulnerabilities or find other ways around your defenses. Their attacks are sophisticated and constantly improving, but they are also well-mapped across the MITRE ATT&CK framework. Companies should use this framework to assess their risk. An XDR-enabled SOC is the bare minimum a company needs to have a complete strategy against the latest attacks.

One way the cybersecurity industry can help fight cybercrime is to improve collaboration between vendors. In 2016 Barracuda helped take the fight against ransomware to the cloud by joining the No More Ransom project. Barracuda offers extended detection and response (XDR) and Security Operations Center (SOC)-as-a-Service, but we also work nonstop to increase integration with other ecosystems and tools. Sharing threat information strengthens the security community, which is why Barracuda integrates with many world-leading SIEM, SOAR, and XDR platforms. For example, we currently integrate with Splunk, IBM QRadar, SumoLogic, StellarCyber, Azure Sentinel, Palo Alto Prisma, and AWS Security Lake.

The challenge of securing SaaS applications

The adoption of SaaS applications in our daily lives, business or personal, increases the attack surface available to criminals. The user might not be responsible for managing and securing the application. Many times the end users do not understand or even think about security. SaaS applications should improve access to security vendors so that we can help users reduce misconfigurations and policy gaps. This would increase the security posture of the deployment and reduce the company’s exposure to risk.

One example of SaaS and third-party integration would be providing APIs that allow a vendor to continuously monitor SaaS configuration. Performing these checks programmatically allows IT teams to ensure compliance and policy enforcement at all times. Zero Trust Access and other solutions like SaaS Security Posture Management (SSPM) and Cloud Security Posture Management (CSPM) will provide this type of security.

Conclusion

Ransomware attacks cause billions of dollars in U.S. economic loss and contribute to data breaches and identity theft. Hundreds of millions of individuals have had their personal data stolen and used for identity theft or some other crime. In this post-breach era, the sheer number of records stolen makes it easier and more likely that criminals will attack victims again and again, until the criminal is stopped.

It’s not easy to stop a ransomware gang. The attacks are super sophisticated, the tools are expensive, and the U.S. has 800k cybersecurity jobs UNFILLED. We simply do not have enough cybersecurity professionals in place to strengthen our overall defenses. The 2023 NCS acknowledges this shortage of talent in Strategic Objective 4.6 (p. 31). Deploying Barracuda XDR will augment your own security teams with extended visibility, multilayered security, and real-time threat monitoring.

I’m very excited to see this new initiative from the Biden administration as it feels overdue, but it’s never too late to improve cybersecurity across all industries. Remembering that much of our personal data and credentials have been stolen over the years is imperative. We have to expect the attackers to watch our posture, find their way into the infrastructure, and go after our most critical asset — data. Predicated on the current state of emergency for cybersecurity, we should always be vigilant, alert, and collaborative in fighting these cybercrimes.

Photo: VideoFlow / Shutterstock



Posted by Fleming Shi

Fleming Shi is Chief Technology Officer at Barracuda, where he leads the company’s threat research and innovation engineering teams in building future technology platforms. He has more than 20 patents granted or pending in network and content security.
