The US government’s response to the huge surge in ransomware is long overdue, but is it too late? With more priority set to be placed on ransomware attacks and the consequential investigations, we’re in a prime position to make strides in preventing these attacks.
We heard from top ransomware experts across the cybersecurity industry to get their views on how the government responded, what can be done to combat ransomware, and if there is an end in sight.
Kunal Anand, Chief Technology Officer, Imperva
"It's highly unlikely that the majority of enterprises and small businesses in the U.S. will be able to do anything with the guidance from [the] White House memo. It assumes that every business has the technical acumen to understand these concepts and the resources to implement these guidelines. The Federal government needs to step up – more than ever – to help businesses that are vulnerable and unaware of how to protect themselves from the growing volume of ransomware attacks and other cyber-attack risks.
Instead of focusing on defensive and reactive measures, the Biden administration needs to take a more effective position – aimed at providing tactical support and resources. The U.S. government should be looking at setting up departments that can help the private sector, or an Emergency Cybersecurity Center for broadcasting threats and attacks to everyone. At a time when the nation is under siege by ransomware attacks that are disrupting daily life, the U.S. Government needs to ask industry leaders to donate their time – whether it’s helping provide recommendations, setting up resource groups, etc. This should be seen as a patriotic duty."
Chuck Everette, Director of Cybersecurity at Deep Instinct
"Major flaws in vital US infrastructure have been well documented by the government itself and 3rd party investigations, and these reports have all identified key vulnerabilities in vital infrastructure that malicious actors have and will continue to exploit. These attacks have taken advantage of common security gaps that were created when companies started leveraging automation for data analytics, operations and management. The primary thinking around leveraging automation was “ease of use” and lowering of operating costs. Unfortunately security was not a consideration in these strategies, nor did it appear on the long-range radar of companies. Now, years later and after several attacks on US infrastructure, we’re paying the price of these vulnerabilities and security gaps are being investigated in earnest.
Prosecution after the fact is not solving the issue.