Locked Up: Governments and Ransomware

The 2017 WannaCry ransomware worm may be the most famous ransomware attack in recent history, but it’s far from the only one.  WannaCry’s fame was largely caused by the fact that it indiscriminately infected computers around the world, causing massive amounts of damage and costing affected organizations tens or hundreds of millions of dollars in remediation efforts.  The scope of the infection was only limited by a security researcher finding and activating a “kill switch” built into the malware.

Modern ransomware attacks have become much more targeted.  Rather than attempting to get a small amount of ransom out of a large number of targets, hackers choose quality over quantity and select high-value targets that are likely to produce large payoffs.  Many organizations have data that they can’t afford to lose, so this tactic has proven quite effective.

In recent months, a stream of high-profile attacks has demonstrated that some ransomware operators have found their ideal target: municipal governments.  These organizations often have the scale and resources that the hackers are looking for when trying to score a large payoff but lack the cyber defenses to protect the valuable data and services that they provide.  As a result, entire cities have lost critical services due to these ransomware attacks.

The Ransomware Threat

The concept of ransomware is very simple.  In order for a computer to function properly, it needs to have the ability to read the files stored on it.  Ransomware is designed to deny computers this capability.

Encryption technology provides a reversible way of denying access to files.  Anyone with the encryption key can easily retrieve the original data, while anyone without access to it is incapable of doing so.  By encrypting all files on a user’s computer and demanding payment for access to the decryption key, hackers force the victim to either pay the ransom or forfeit access to their files.

Cities in Florida have been especially hard hit by ransomware attacks in recent months.  Several municipalities have been infected with the malware and decided to pay staggering ransoms to regain access to their data and infrastructure.  Within one week in June, hackers collected over $1 million in ransom payments from Lake City, Florida ($460,000) and Riviera Beach, Florida ($600,000) and infected a third city (Key Biscayne).

In all three cases, the cities were infected by a multistage malware attack in which an initial trojan, delivered as part of a phishing attack, downloaded ransomware and another trojan.  While the ransom payments made by the Florida cities dealt with the ransomware infection, the cities still have an unknown amount of additional malware on their systems that requires further cleanup.

Organizations that pay the ransom also face the possibility that they will be extorted for further payments (which happened to a Kansas hospital) or not receive the decryption key at all (which happens in one out of every five cases).  In some cases, it is possible to decrypt the files without paying the ransom, but this is rare and only helps for the “lucky” ones.

The Government Cyber Challenge

The threat faced by these municipal governments is not limited to the public sector.  Private businesses are also increasingly the target of cyberattacks. One of the biggest factors in this is the availability of skilled cybersecurity practitioners.

The cybersecurity industry is facing a major skills shortage, and the shortage is growing rapidly.  In 2019, 53% of organizations claimed that they were facing a cyber skills shortage, up 51% from the previous year.  By 2021, the cyber skills gap is expected to exceed 3.5 million unfilled cybersecurity roles.

The cybersecurity skills gap affects all organizations, but the public sector is especially hard hit.  In the private sector, companies have much more flexibility in offering incentives to attract talent, leaving the public sector scrambling to find qualified applicants.  As a result, organizations like these Florida city governments are more vulnerable to these types of attacks.

Filling the Cyber Skills Gap

Cybersecurity is a rapidly growing field; however, cybersecurity practitioners also need a certain level of experience to be effective.  While new undergraduates can fill some of the gap, organizations are increasingly turning to reskilling existing talent to fill essential cybersecurity roles.  The wave of ransomware attacks against the public sector demonstrates the pressing need for additional cybersecurity practitioners, and experienced workers already operating within the Information Technology field are ideally suited to fill the void.

False Positives: How to Get Credit for Preventing Cyber Attacks

Cyberattacks have become a daily occurrence. While the major attacks that make the news headlines are a bit rarer, companies are being breached all the time. As a cyber defender at an organization, this may seem like the only time that you get attention from management, and it's not the type of attention that you really want.

However, it is definitely possible to get the right type of attention for your efforts. The cybersecurity industry is suffering a major skills gap, with an estimated 3 million unfilled positions at the end of 2018. Organizations need their cyber defenders, and the key to getting the respect that you deserve is ensuring that you get credit for preventing attacks, not just blame for failing to.

Response

Once the security team has a good feel for the scope and details of a particular threat, it’s time to eliminate it. This process includes everything from removing the infection from the affected computers to lifting the quarantine to testing that machines properly return to normal operation.  Once a threat has been handled, it’s also important to ensure that it can’t happen again, so cybersecurity analysts may be expected to design detection rules, perform patches, or take other actions to close the vulnerability that allowed the attack to succeed in the first place.

The SMU Online Master's Degree in Cybersecurity offers a clear pathway to leveraging your cybersecurity talent. To learn practical cybersecurity management skills from top industry professionals in the program, visit our website or contact us.