Grey-Sloan Memorial Hospital, the fictional hospital on the television drama “Grey’s Anatomy,” was suddenly brought to a halt Nov. 14 at the hands of ransomware. The No. 3 drama on broadcast television, a venerable franchise of 14 seasons and 300 episodes, reflected the harsh reality faced by many. WannaCry, Petya, and Equifax entered dinner table conversation and late-night talk show monologues. In 2017 cybercrime made primetime.
The events that transpired this year put cybersecurity on everyone’s mind. The stories of ransomware and malware found their way into homes, schools, and businesses – everyday life.
The Attacks That Changed Everything
In May, the ransomware WannaCry took center stage. True to its name, WannaCry was worth its weight in tears: 150 countries impacted, 250,000 machines infected, 16 United Kingdom medical centers taken down, all in just one day. The ransom was paid, and expert analysis ensued. The motive: disruption. As Raj Samani, Chief Scientist at McAfee stated: “The game has changed. The reality is that any organization can hire someone to disrupt a competitor’s business operations for less than the price of a cup of coffee.”
Taking cues from WannaCry, the Petya/NotPetya malware emerged a month later as its successor. The next global cyberattack leveraged the same vulnerability, but was nastier when infecting systems. Instead of locking away files and extorting money from victims, Petya/NotPetya was a wiper – deleting all files from affected devices.
The threat landscape was not just populated by cyberattacks, but also a data breach deemed the worst in recent memory. The Equifax breach exposed crucial personal identification of roughly 143 million consumers in the United States. This data included names, addresses, birthdates, driver’s license data and Social Security numbers. “We need to view the Equifax breach as a catalyst moment for rethinking the way we handle identification for U.S. citizens,” said Steve Grobman, senior vice president and chief technology officer for McAfee.
Cause and Effect
These attacks moved the needle. Cybercriminals were upping their game. These attacks mandated that cybersecurity must be faster, smarter, and more effective. Christiaan Beek, lead scientist and principal engineer at McAfee, says our improved response time to ransomware attacks confirms that’s happening: “The cybersecurity world is indeed responding faster than before, especially after WannaCry, which was another wake-up call… The moment researchers see that a decryptor is available, we go on and continue to hunt down the next one or learn from the previous ones and start innovating or fine-tuning our products.”
Now that cybersecurity is on prime time, what happens? We’re paying attention. Does that mean we’re prepared?
McAfee Chief Executive Officer Chris Young thinks we still have a ways to go. “It’s nearly 2018. And from the discussions I have weekly, it’s clear that business leaders understand far more about the risk of cyber threats today than they did even a few years ago. However, so many business leaders I talk to still want to know if they’re doing everything they can to protect their companies. Answer: They’re not.”
Young recommends a “Culture of Security” –– a paradigm shift in philosophy and approach from the executive boardroom to new employees on their first day. Leaders must demonstrate a new priority, whether it’s impeccable password and virtual private network use, or cloud computing adoption only under the guidance of cybersecurity professionals. “Businesses need to think security first,” Young says. “Whether that’s in designing new products and services, signing partnership agreements, in hiring new employees, or anything else.”
Malware is not the star of the show. It’s the villain, but a powerful one. Cybersecurity must adapt to address it. McAfee wrapped up 2017 by announcing the upcoming acquisition of cloud provider Skyhigh Networks, which will become part of the McAfee Cloud Security Business Unit. Skyhigh will join a McAfee portfolio that includes market-leading products in the endpoint and security operations center (SOC). Partnering in an open ecosystem pulls these major strengths together in a new and agile way.
Welcome, 2018. New tools and a new “Culture of Security” are ready to take on new threats.