Consumer Electronics Daily was a Warren News publication.
‘Weakest Link’

Feds 'Need More' From Industry to Fight Ransomware: CISA's Wales

October 14, 2021 by Paul Gluckman|Top News

There’s no “silver bullet” for resolving the ransomware “crisis,” Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, told an Axios webinar Wednesday. There’s more the government can and should do “to help arm” U.S. businesses “with the kind of information that will allow them to protect their networks,” he said.

Industry needs to “better understand that the time to grapple with ransomware is not after you’ve been hit,” but “well ahead of time,” Wales said. There’s also more the government can do to “track and go after the money and the criminals who are executing these attacks,” he said.

But government does “need more from the private sector” in the quality of information shared with federal authorities post-attack to thwart future hacks, Wales said: “We need them to think really hard about the payment of these ransoms, because it has been this view that it’s cheaper to pay off these criminals that has only accelerated the crisis.”

The Joint Cyber Defense Collaborative (JCDC) that CISA launched in August involves several “critical” private-sector companies that have “very broad visibility into the cyberspace of this country and the world,” said Wales. Initial industry partners for the initiative are Amazon Web Services, AT&T, CrowdStrike, FireEye Mandiant, Google Cloud, Lumen, Microsoft, Palo Alto Networks and Verizon. “These are the companies that have the ability to see what’s happening across the board” domestically and overseas, and can “take action at a scale that no company can do individually,” the official said.

The initiative aims at “real operational” public-private collaboration, with ransomware a top priority, by being able “to take collective action quickly and at a scale that’s really needed to combat the problem,” said Wales. The JCDC, though only two months old, is a “critical linchpin” in the battle to thwart ransomware attacks, he said. “We really think it’s the future of collective defense in the cybersecurity sphere.”

Multi-factor authentication” (MFA) is one safeguard CISA is “pushing heavily” for companies to adopt during October's Cybersecurity Awareness Month, said Wales. MFA protocols require individuals to present two or more forms of credentials to be granted access to applications, websites or networks. Using MFA security on various “privileged” or “internet-facing” accounts “is probably the single most important thing you can do to protect yourself against cyber incidents,” he said.

Companies need to take better “stock” of their cybersecurity flaws, said Wales. “See what you’re doing that may not be too cyber smart,” he said, including using out-of-date software, or maintaining internet-accessible accounts with “unpatched software or hardware,” he said. Ransomware operators are “looking for the weakest link,” he said. “They’re not going to spend a lot of time trying to get into every single company. They’re going to look for people who have these commonly used vulnerabilities, and they’re going to exploit them.”