New reality of ransomware attacks spikes FUD in cybersecurity

Cyber attacks are making headlines, fomenting fear from all directions

New reality of ransomware attacks spikes FUD in cybersecurity

I've been listening to NPR and my local station, WBUR, for the better part of the last two decades. During that same time frame, the NSA has been investing billions of dollars into building offensive hacking tools.

Unfortunately, Shadow Brokers got their hands on a list of weapons and released them in a data dump. However, until WannaCry struck in May, there hadn't been many stories about what's happening in IT and cybersecurity.

As America's birthday neared, it seemed that instead of celebrating successes, news stories were forecasting the nation's peril at the hands of cyber weapons.

Tom Ashbrook's On Point featured guest was Nicole Pelroth, a cybersecurity reporter for The New York Times and author of the soon-to-be-released book, This is How They Tell Me the World Ends.

Also joining the conversation was John Carlin, a cybersecurity expert who warned on CNBC that we are facing a global epidemic for cyber attacks, leaving Ashbrook questioning whether we are sitting ducks awaiting a digital Pearl Harbor. 

Many point to this week's headlines of a Nasdaq glitch resulting from human error as evidence of the potential consequences of a global attack, but are we really in what Carlin calls the era of cyber insecurity?

Ashbrook asked, "Do you doubt that determined hackers—attackers—could now shut most of this country down?"

I really want to say yes, but we don't know what we don't know. 

Yes, attackers can cause serious destruction to our critical infrastructure, but that reality is not new. It's awareness of that reality that has changed. Ted Harrington, executive partner at Independent Security Evaluators (ISE), has been talking about the risks to patient health for years now.

But when ISE released its Hacking Hospitals report early last year, ransomware attacks targeting hospitals were still fairly new. Since then, the healthcare sector has paid out thousands of dollars in Bitcoin to release encrypted files. 

Then WannaCry happened, directly impacting medical devices and hospitals in the U.K.'s National Health Service (NHS). As Ukraine continues to investigate the NotPetya attack, evidence shows that the hackers were quite advanced and sophisticated, and experts are still unable to determine what other tools have been installed through back doors.

Cyber awareness increases cyber hygiene

Even though I want to resist the inclination to buy into fear, uncertainty and doubt, facts that we are increasingly more vulnerable to widespread disruption continue to mount. Maybe that's a good thing.

As the average person comes to understand the reality of risks inherent in our interconnected world, they become more conscious of cyber hygiene. Ethical hacking will continue to be a lucrative field so that those hackers who are motivated by money are more inclined to use their skills for good. 

It would be very easy to get swept up in the fear of cyber war, but the global attacks have not changed the reality that anyone connected to the internet is at risk. WannaCry and Petya have only emphasized the vulnerabilities that have existed for decades. 

Rest assured that there will be more coverage of the vulnerabilities in our critical infrastructure, but know that hundreds of cyber threats are thwarted every day.

IT and cybersecurity strategies continue to be top priority for governments around the world, and long-standing practices in prevention and detection have proven to be effective defense.

No, we can't rest on our laurels convinced we are impervious, but we can remind ourselves not to give way to FUD. Knowledge is power, and with each new incident, the industry is learning to build stronger defenses. We may never be fully prepared for the unknown, but we are preparing to defend against and respond to cyber attacks.

New! Download the State of Cybercrime 2017 report