The U.S. military is on the offensive against ransomware. Cyber Command, a combatant command of the Department of Defense (DoD), has initiated offensive action to disrupt ransomware attacks against U.S. organizations.
Cyber Command unifies the direction of cyberspace operations, strengthens its capabilities and bolsters the DoD’s cyber expertise. This is the first acknowledgment by Cyber Command since the Colonial Pipeline ransomware attack in May that the DoD is targeting cybercriminals.
At the moment, details are missing on how they plan to safeguard critical infrastructures. Nevertheless, healthcare covered entities must pay attention and implement their own proactive actions to remain HIPAA compliant and secure protected health information (PHI), including when sending HIPAA compliant email.
The trouble with ransomware
Ransomware is malware (or malicious software) used to deny a victim access to a system until a ransom is paid.
RELATED: To pay or to not pay for stolen data
Victims can download malware through phishing emails that include malicious attachments or fraudulent links. And sometimes, cybercriminals move beyond encryption by exfiltrating and leaking data if a ransom is not paid.
In August, Eskenazi Health had stolen PHI posted on the dark web; the hospital did not pay a ransom. And unfortunately, ransomware attacks can be detrimental to critical infrastructures and the people that rely on them. Panic developed after the Solar Winds and Colonial Pipeline data breaches, which is part of the reason why the U.S. wants a united front against cyberattacks.
U.S. government intervention
Several recent ransomware attacks caused the U.S. government to act and intervene.
SEE ALSO: U.S. government united against ransomware attacks
The Justice Department recently formed a new task force to address the rise in ransomware. The Department of Homeland Security launched a multi-phase cybersecurity initiative. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) have even ramped up information campaigns.
RELATED: U.S. launches one-stop ransomware resource
Now we have the U.S. military and Cyber Command acknowledging the issue. According to General Paul Nakasone, head of Cyber Command and director of the National Security Agency (NSA), the “government is taking a more aggressive, better-coordinated approach against this threat, abandoning its previous hands-off stance.”
Why offense is good defenseThe Cyber Command acknowledgment signals a transformation in strategy. An offensive strategy goes on the attack and outmaneuvers while a defensive strategy anticipates and blocks. Actually, the government has been on the offensive against ransomware for several months by:
- Cutting sources of funding
- Indicting extortionists
- Sanctioning cryptocurrency accused of laundering money
This new strategy, however, signals that the U.S. military is willing to attack all criminals, not just known nation-state threat actors who pose as threats.
RELATED: Hackers hit healthcare and others with cyber espionage
The new approach focuses on finding threats before they attack, shutting them down before they do damage. Nakasone plans to get inside criminal networks to “identify and potentially neutralize attacks on the U.S.”
Combatting strategy at an organizational level
On an organizational level, it is best to approach cybersecurity from both an offensive and defensive position. Offensive actions mean using threat intelligence and threat hunting before threats become a problem.
RELATED: What are indicators of compromise?
This means figuring out potential vulnerabilities and weaknesses before they are exploited. For healthcare, that means performing a HIPAA risk assessment and penetration testing. In fact, Paubox’s Zero Trust Email feature is a great offensive approach because zero trust security assumes that everyone is a risk.
SEE ALSO: The U.S. needs zero trust security for email
Then while on the offense, defensive measures must remain in place. Needed access controls include a strong password policy and multi-factor authentication. It is also necessary to regularly audit and monitor for suspicious activity. And for a good offense and defense, up-to-date and continuous awareness training of all new and possible threats.