Cybersecurity Engineer/Risk Assessor Susan Ramsey (National Center for Atmospheric Research) presented to an international delegation of cybersecurity specialists who are attending the Understanding Risk in Shared CyberEcosystems, or URISC@SC17 workshop this week in Denver, Colorado. URISC delegates and presenters from 11 countries and 12 U.S. states will also attend SC17, the annual international conference for high performance computing, networking, storage, and analysis.
Ramsey explained how attacks are fully-automated; operations are housed in office complexes where well-paid specialists identify and exploit technical vulnerabilities in Internet-enabled devices. They even have help desks! Once they collect enough information about a target, they are able to launch a highly sophisticated assault that considers a range of information about the victim.
Ransomware was recently used to hijack Springhill Tennessee’s emergency response system that was held for $250k ransom. While that would be a trivial amount for a large city, for a small town, like Springhill, it’s a lot of money and probably reflects how much they had in the bank.
Most agree all are at risk, and it doesn’t matter how strong your defenses are; it’s likely they can and will be penetrated. It isn’t a matter of if your data will be breached, it’s when. Ramsey also noted that there are policing agencies that will notify organizations that have been targeted, but they don’t pay to mitigate the problem. It’s up to everyone to safeguard their own data and information systems, but few have a sufficient defense—especially universities where intellectual property is at risk.
For a real-time snapshot of attacks, visit the Norse Attack Map site: