
What Skyjacking and Kidnapping Cases Can Teach Us About Responding to Ransomware Attacks

While ransomware is a relatively new phenomenon, ransom-related crimes have been around for generations. Here are four lessons from the past which we believe will help state and local governments protect themselves in today’s digital world.

In 2018, there were 56 targeted ransomware attacks reported by state and local governments in the United States, a 40 percent increase over the number reported the previous year, according to a May 2019 Recorded Future report. In the first half of 2019 alone there were 55 documented attacks, nearly equaling the 2018 total and suggesting that this trend is accelerating. 

The increasing number of ransomware attacks in state and local government has resulted in an explosion of media coverage, most of which has focused on current causes and effects. We believe there’s value in looking at past instances of ransom-related crimes, such as skyjackings and kidnappings, and examining the actions taken to reduce them. These examples offer response tactics we believe can be applied to today’s digital world. 

Let’s start with skyjackings. In the 1970s, over 150 planes were hijacked and held for ransom in the United States alone. Fast-forward to 2018: there were none. So what changed? Three things: 

  • More stringent airport screening; 
  • Hardened cockpits on planes; and
  • Aggressive responses by passengers and crew to potential threats. 

The response to political kidnappings can be equally instructive with regard to dealing with ransomware. The advent of “Kidnapping and Ransom (K&R)” insurance completely changed the calculus on these events by adding a risk reduction requirement to the policies. If you wanted K&R coverage you had to take precautions to actually reduce your risk of being kidnapped. 

Using Past Ransom Crises to Define Future Ransomware Response Strategies

What do the responses to these past threats have to do with today’s digital attacks? We see four lessons learned from past ransom crises which we believe can be applied to protecting state and local governments from ransomware.

  • Change behaviors. In the skyjacking example, increased airport screening has affected air travel for all passengers, but they’ve adapted to it. Taking off your shoes and going through a metal detector are now accepted practices. Similarly, cities might consider adopting e-screening techniques as a requirement before the public can access digital services. This might include something as simple as making sure residents have updated the operating system software on their mobile devices before allowing them access to city websites. Or, it might mean changing internal practices to implement more stringent patch management on agency-owned assets, such as using tools to prioritize this type of mitigation. In addition, city employees could be required to connect to work-related applications only with city-owned assets or via proprietary VPN connections using two-factor authentication. 
  • Harden the infrastructure. If a threat actor in a skyjacking scenario can’t get in the cockpit, they can’t take over the plane. Government IT infrastructure needs to be equally hardened. While information technology professionals understand the importance of implementing CIS controls and/or other standards, they often lack the budgetary influence to obtain the tools necessary to implement them. In the ongoing Deloitte-NASCIO Cybersecurity Study, which is based on biennial surveys of state CIOs, respondents have routinely cited a lack of sufficient funding as their No. 1 challenge in addressing states’ efforts to thwart threat actors. To address this, cities should transfer cybersecurity responsibility from IT to public safety. Public safety initiatives get funded because their work is visible to the public. More to the point, public safety leaders can acquire weapons and weapons systems — and cybersecurity tools could be branded as such. Here are three ways local governments can change the conversation when it comes to cybersecurity funding.
  • All for one and one for all. Behave threateningly on an airplane today and fellow passengers will take action. While we’re certainly not condoning vigilantism, we believe cities should empower their communities to respond quickly and assertively to all forms of cyberthreats, from phishing attacks to complex exploits by threat actors. First, mayors should install someone in uniform as the city CISO and address cyberthreats in the same manner as any other potential crimes. Tools like Tenable’s, which offer predictive prioritization of vulnerabilities, can stand alongside crime reporting, analysis and forecasting tools like CompStat to ensure appropriate resources are applied based on the probability of these crimes occurring. Second, public safety officials should set up Crime Stopper-type channels for reporting cyberthreats and vulnerabilities and make them publicly available. Finally, mayors should create a “cyber corps” of local experts who can be called on as advisors during a crisis and also serve as a sounding board for public comment regarding cyberthreats. 
  • Use insurance as an instrument of change. Kidnapping and ransom insurance policies led to enhanced risk management requirements on behalf of the potential beneficiaries of these policies. The same will be true for cyber insurance. Cities will want to obtain the lowest rate possible for coverage and will therefore comply with similar risk management requirements. This will come with a cost, albeit a much lower one than a ransom. Mayors who choose to acquire cyber insurance can use this fact as a lever to gain increased budget for the acquisition of cyber tools and staffing to control the cost of premiums and further reduce the probability of future ransomware attacks. 

While it’s true that the challenges we’re facing in today’s digital world are unique, it’s helpful to consider these and other ways state and local governments have responded to other major public safety challenges. If you have other ideas on how we can use historical responses to guide our future strategy, email me at [email protected].
