With the escalating threat of ransomware, the U.S. government is urging a global ban on ransom payments. Although not paying ransoms is a growing international commitment, there is ongoing debate over whether such a proposition can be enforced effectively worldwide.
With this in mind, Cyber Magazine speaks with Raghu Nandakumara, Head of Industry Solutions at Illumio, to offer insight into the challenges and opportunities posed by a potential ban and what it could mean for global businesses. He also offers insights into cloud strategies and how businesses can benefit from Zero Trust Segmentation and bolster their cyber resilience.
1. Is a global ban on ransomware the right approach?
“It's an attractive proposition on paper. Stopping ransom payments would, in theory, reduce the tide of future attacks. However, it’s not the silver bullet.
“Even if you enforce a ban on paying ransoms, threat actors have several other ways to monetise stolen data. We've seen a surge in the sale of confidential information on the dark web. So, the issue is far more complex than simply cutting off one revenue stream for cybercriminals.
“A ban will only work if organisations adopt robust technological measures and procedures to counter ransomware effectively. Legislation like NIS2 and DORA in the EU shows promise in mandating that organisations up their game in cybersecurity. These regulations make specific provisions around incident reporting and security enforcements that can help organisations become more resilient.
“Another angle to consider is the practicality of a global ban. The U.S. can advocate for such a policy, like how it's pushing for Zero Trust architectures, but imposing a worldwide ban needs universal buy-in. Some countries may be more willing than others to enforce sanctions on nations that pay ransoms.
“And even if such a ban becomes law, enforcing it becomes the next Herculean task. Just one of the issues adding to this challenge is that most ransom payments are made in crypto, often moved into obfuscation peer-to-peer tools like crypto mixers. This means that tracing every ransom payment will be a challenging task for regulators, given how frequent these attacks are.
“So, while a global ban could be part of the solution, it isn't the outright fix. What we need is a multi-pronged approach that involves cross-border cooperation, industry collaboration, and more resilient cybersecurity infrastructure for organisations.”
2. Why does the U.S. want to enforce this ban, and what can other countries learn from it?
“The U.S. is pushing for this narrative primarily to break the vicious cycle of ransomware. The rationale is straightforward: if you starve the criminals of their financial incentives, you can considerably cripple their operations. However, the U.S. isn't an isolated entity; it's part of a complex global network.
“The U.S. also recognises the value of technological fortification, as evident in its advocacy for Zero Trust and multi-factor authentication. These strategies must be considered and mandated by other governments and regulators, along with a ban on ransomware payments.
“That said, every nation has its unique cyber landscape and faces distinct challenges. For example, some European countries have made strides with security directives focusing on risk management. These regulations could offer valuable lessons to the U.S. in return, demonstrating that collaboration is a two-way street.
“What’s more, the U.S. approach puts emphasis on public-private partnerships. Private entities often possess advanced technologies and threat intelligence that can complement governmental efforts. Other countries should note the value in these partnerships and strive to cultivate them within their own borders.”
3. How big is the ransomware threat facing organisations?
“The ransomware threat today is enormous, and it’s evolving at an alarming rate. Reports suggest that ransomware attacks have increased by more than 37% in 2023, and the revenue for threat actors is projected to reach nearly US$900m by the end of this year.
“It's important to realise that the financial toll is just the tip of the iceberg. Ransomware attacks can disrupt critical business operations, grind service delivery to a halt, and lead to the exfiltration of sensitive data. Even if we try to stop ransomware by preventing payments, cyberattacks aren’t going away. It’s vital that we focus on enforcing effective architectures that can keep operations running during the event of a breach.
“Also, ransomware doesn't just target large corporations. SMBs (small and medium businesses) often find themselves in the crosshairs because they're perceived as easier targets with weaker defences. Smaller firms are also more vulnerable as they may not have the resources to recover from an attack, leaving them at risk of closure.
“Some businesses also have a perception that paying a ransom once will be an acceptable loss in terms of their overall long-term profits, as opposed to experiencing prolonged downtime. Ransomware attackers often bank on this mentality and ramp up their extortion demands.
“If organisations opt to pay the ransom, they're tagged as easy prey and often targeted again in the future. Worse, even after payment, there's no guarantee that systems and data will be restored, leaving organisations to resolve things themselves with nothing to show for the payment.”
4. What can organisations do to build resilience to ransomware threats?
“The first step should be to adopt an 'assume intrusion' mentality. This mindset prompts organisations to continuously strive for building resilience, rather than assuming perimeter defences will hold. To truly internalise this mentality, organisations should employ technologies and processes that prepare them for containment and recovery after an attack.
“A key part of this approach is the implementation of Zero Trust Segmentation (ZTS). Zero Trust is a security strategy based on the principles of trusting no one and verifying everything. ZTS, also known as microsegmentation, is a key component of Zero Trust, and creates secure zones between cloud, endpoint devices, and servers, to stop attackers from moving across the network. This makes it easy to quickly isolate threats, so that even if an attacker gains access to one area, they can't easily traverse to another.
“Beyond technology, a critical component of building resilience is cross-border and industry collaboration. Sharing information about threats, vulnerabilities, and best practices can help organisations collectively bolster their defences. This should be encouraged through policy measures that facilitate transparent reporting and knowledge sharing.
“Organisations also need to invest in ongoing cybersecurity training for staff. After all, a well-informed team acts as an additional layer of defence against phishing attempts and other entry points for ransomware.
“So, building resilience to ransomware is not a one-off task but an ongoing commitment. It's a blend of the right technology, policies, international cooperation, and a security-conscious culture.”