"There had been an increase in the UK in terms of cyber attacks, between June and February this year," he said, noting that distributed denial-of-service (DDOS) attacks became particularly common. "However, over the last two months, I have had five-times less than at the end of last year."

The third critical sign came Monday as the University of Calgary faced a digital state of emergency, with a malware infection forcing it to shut down most of its computing infrastructure and ask users to avoid using university-issued PCs. As the school continues its recovery from the attack, it’s too soon to know how the infection started, how it spread, whether it was ransomware, or if it was a targeted attack. These are all questions that will likely receive some answers in the coming days and weeks. But what is worth noting is that the UofC malware attack came during a particularly busy weekend, as the school hosts an international academic event with more than 8,000 participants. It’s likely not a coincidence. It’s also clear that this kind of large-scale attack, as seen a few months ago when US healthcare provider MedStar was forced to shut down many IT operations to contain a ransomware infection, is on the rise.
Putting It All Together

Looking carefully at some of the key signals from these three events, it’s possible to make some informed observations and predictions:
- With major, large-scale banks investing heavily in cyber security and advancing their defensive posture, organized cyber crime groups are increasingly turning to new targets to maintain acceptable levels of criminal return on investment per attack. While we’ve seen evidence of a specific, nation-state-backed campaign attacking the interbank SWIFT system, the targets to date have been banks with weaker cyber security defensive postures.
- As criminals turn to ransomware for better return on investment, large organizations in healthcare and education will be the first, but not the last, to bear the brunt of this increased activity. Universities, in particular, present a tempting target for a number of reasons, including access to personally identifiable information (PII), intellectual property and infrastructure that can be used to attack others.
- In order to face these cyber threats, organizations must invest more in proactive measures, such as policy, governance and education, to reduce risk and improve reaction time, as well as invest in the right mix of technology to avoid silicon bias.