To stop the ransomware pandemic, start with the basics
That will help stop other sorts of cyber-mischief, too
Jun 19th 2021
Twenty years ago, it might have been the plot of a trashy airport thriller. These days, it is routine. On May 7th cyber-criminals shut down the pipeline supplying almost half the oil to America’s east coast for five days. To get it flowing again, they demanded a $4.3m ransom from Colonial Pipeline Company, the owner. Days later, a similar “ransomware” assault crippled most hospitals in Ireland.
Such attacks are evidence of an epoch of intensifying cyber-insecurity that will impinge on everyone, from tech firms to schools and armies. One threat is catastrophe: think of an air-traffic-control system or a nuclear-power plant failing. But another is harder to spot, as cybercrime impedes the digitisation of many industries, hampering a revolution that promises to raise living standards around the world.
The first attempt at ransomware was made in 1989, with a virus spread via floppy disks. Cybercrime is getting worse as more devices are connected to networks and as geopolitics becomes less stable. The West is at odds with Russia and China and several autocracies give sanctuary to cyber-bandits.
Trillions of dollars are at stake. Most people have a vague sense of narrowly avoided fiascos: from the Sony Pictures attack that roiled Hollywood in 2014, to Equifax in 2017, when the details of 147m people were stolen. The big hacks are a familiar but confusing blur: remember SoBig, or SolarWinds, or WannaCry?
A forthcoming study from London Business School (lbs) captures the trends by examining comments made to investors by 12,000 listed firms in 85 countries over two decades. Cyber-risk has more than quadrupled since 2002 and tripled since 2013. The pattern of activity has become more global and has affected a broader range of industries. Workers logging in from home during the pandemic have almost certainly added to the risks. The number of affected firms is at a record high.
Faced with this picture, it is natural to worry most about spectacular crises caused by cyber-attacks. All countries have vulnerable physical nodes such as oil pipelines, power plants and ports whose failure could bring much economic activity to a standstill. The financial industry is a growing focus of cybercrime: these days bank robbers prefer laptops to balaclavas. Regulators have begun to worry about the possibility of an attack causing a bank to collapse.
But just as costly is the threat to new tech as confidence in it ebbs. Computers are being built into cars, houses and factories, creating an industrial “internet of things” (iot). Insights gleaned from oceans of data promise to revolutionise health care. In theory, all that will boost productivity and save lives for years to come. But the more the digital world is plagued by insecurity, the more people will shy away from it and the more potential gains will be lost. Imagine hearing about ransomware in someone’s connected car: “pay us $5,000, or the doors stay locked.”