In 2016, cyber experts will understand that the best way to address the issue of ransomware is not trying to prevent it, but rather responding to it, says Wikistrat’s Michael Tanji.
In the cyber sphere, 2015 was the year of ransomware, which is arguably the most effective and rapidly growing digital criminal activity today. Attackers infect a victim’s system and encrypt its hard drive; the keys to unlock the encrypted files are available for a few hundred dollars in ransom. The power of ransomware is that — unless you have current backup files — no amount of forensics or technical activity will recover your files. Most people have a moral or ethical inhibition to paying a ransom, but if you want your data back you have no choice. This begs the question: What happens to the field of cybersecurity if dealing with criminals is cheaper, easier and more effective than calling for help?
Digital defenders like to promote the idea of raising attacker costs, but the genius of ransomware is that it reduces the expense of the intended response. Ransoms are a few hundred dollars and payable in a few minutes; a digital forensic examination (which will be fruitless) costs thousands of dollars and takes days to complete. Digital criminals are making a large portion of the multi-billion-dollar cybersecurity market redundant. Ransomware is only the beginning. We are already starting to see variants like exposé-ware (pay me or I’ll publish your data online for everyone to see). True innovation in cybersecurity is occurring on the wrong side of the law.
Thus, 2016 will be the year in which cyber experts will understand that the best way to address the issue of ransomware is not by trying to prevent it, but rather by responding to it. In an era when remedying computer security failures is cheaper than calling in computer security experts, watch those who want to survive adopt several changes. It will be difficult for the investigative sub-set of the industry to accept, but the future is more about restoration than conviction. Methodologies designed to produce admissible “evidence” will be replaced by tactics, techniques and procedures for getting organizations back to work.
Click here to read all of Wikistrat’s predictions for 2016.
About the author
Wikistrat Senior Analyst
Director and Co-Founder of Kyrus Tech Inc.