Kurtis Minder, CEO of threat intelligence firm GroupSense, has received a lot of press as a top negotiator in ransomware cases. But he’d rather you not hire him to negotiate. Instead, he says, he’d much rather you stop the ransomware attack before you’d ever need to call him in.
Harvard’s Belfer Center on Friday published a unique paper where U.S. and Russian researchers separately explained their nation’s perspective on a potential negotiation, what both sides actually want, and what would benefit both sides. SC Media spoke to one of the featured researchers.
National cyber director nominee, Chris Inglis, pointed to three ways that more widespread adoption of cyber best practices could take hold: “One is enlightened self interest; that’s apparently not working. The second is market forces; that’s apparently not working. And the third is some imposition of standards or regulation on top of that.”
The hearing touched on the internal and external debates that face most executives during a crippling cyberattack: How fast should a company act, and what decisions should be made internally versus in consultation with external advisers or the federal government.
The Department of Homeland Security announced Tuesday that it will partner with vulnerability disclosure platform Bugcrowd and government technology, environmental and safety services contractor EnDyna to provide a civilian agency vulnerability disclosure program platform.
The announcement is compelling, as the public and private sector alike struggle to manage the response to a recent surge of ransomware attacks. More frequent recovery of funds after a ransom payment could shift the risk dynamic associated with these attacks for the business community, while also removing the financial incentive for attackers.
Comments Wednesday were the most coordinated and forceful the White House has been about Russia allowing cybercrime within its borders. Cybersecurity leaders see this as progress toward more formidable moves from the administration.
ReFirm provides drag-and-drop automated firmware analysis, which Microsoft hopes will provide security insight for industrial IoT products, where security personnel often struggle to look inside built-in hardware.
Researchers called the move a sign that criminal hackers as lone wolves is long over. Instead, defenders are up against hacker ecosystems working in concert.
The string of incidents leaves many in both public and private sector questioning how government and industry alike can better tackle increasingly glaring security gaps throughout critical infrastructure.
