What keeps me up at night: Ransomware attacks

By Benjamin O. Powers

“What keeps me up at night” is a series where top security experts reveal the threats, technologies, and tactics that keep their industry constantly on its toes. As regular citizens, we don’t know the half of what’s going at the highest levels of national and international security (the true volume would probably induce mass panic). These experts can help give us a better idea of the type of threats we face, and how we as a society can protect against them.

Megan Lamberth, a research assistant with the Technology and National Security Program at the Center for a New American Security (CNAS), is deeply familiar with U.S. foreign policy challenges thanks to her time spent as a fellow at the Aspen Strategy Group. These days, she has ransomware attacks and misinformation on her mind. 

Twenty-two known ransomware attacks have taken place within the public sector so far in 2019, and as recent as early June, a Florida city agreed to pay $600,000 to hackers after falling victim to a cyber assault. Meanwhile, deepfakes technology continues to advance–but Lamberth has some ideas on how the government can fight back.

What is the most pressing security threat that faces us today?

Short answer: Ransomware attacks are on the rise.

I believe one of the most pressing cyber threats domestically are ransomware attacks. Over the past couple of years, we have seen a significant rise in ransomware attacks on cities, hospitals, schools, and other public institutions. Recently, Baltimore municipal government was targeted in a ransomware attack that locked government employees out of their email accounts, disrupted real estate sales, and interrupted a multitude of other government services. These ransomware attacks have lasting impact and can cost millions of taxpayer dollars in recovery.   

These attacks highlight the broader need for increased IT infrastructure budgets in municipal governments. These kinds of ransomware attacks will continue, and governments must begin investing more in digital infrastructure to protect cities’ critical data and prevent the disruption of city services. 

What is the biggest security threat on the horizon that we don’t know about?

Short answer: Deepfakes going deeper.

We have all been witnesses to the rise of digital misinformation and disinformation, and its impact on our elections, communities, and civil discourse. But I don’t think the U.S. government and the private tech industry are doing enough to address this pervasive problem. With the 2020 U.S. presidential election on the horizon, the risk of harmful misinformation will be exacerbated by social media influence campaigns and technologies such as deep fakes. 

What can we do to address these security threats right now? How about in the future?

Short answer: Enact laws and regulations.

Misinformation is not a monolith, and we can’t treat it as a problem with a singular solution that must be executed by a singular actor. There are mechanisms that the U.S. government, private industry, and civil society must implement to reduce the damage of disinformation and misinformation in the general public. The U.S. government, particularly the U.S. Congress, will play a role in drafting laws and regulations limiting the spread of manipulated media on social platforms. 

The private tech sector will also have to continue exploring ways to better police their platforms. In the case of deep fake technology, tech companies must work alongside research labs to develop and integrate automated detection software on their existing platforms. 

Ultimately, the most important mechanism, but also the most difficult, is building digital resiliency and tech literacy in our communities. Communities are not monoliths either, and we will have to discover ways to engage with different demographic groups that consume their news through different mediums.

Photo by Clint Patterson on Unsplash

Many of the articles within the media pages of the patriot1tech.com website are 3rd party in origin and have been included for informative purposes only. Decisions to include articles are solely based on the timely nature of the storyline as it applies to the security industry in general and to the proliferation of threats to public safety in particular. The inclusion of these articles does not imply that PATRIOT ONE its management, agents or employees endorses any statements expressed. The public is advised to fully investigate any contentious claims or assertions prior to arriving at any conclusions. Any hyperlinks included in these articles does not imply that PATRIOT ONE monitors or endorses these websites. Accordingly, PATRIOT ONE accepts no responsibility for such websites. Additional information regarding exclusions and liability limitations are outlined here.