Every nation outside of Russia has been under attack from Russian mercenary groups for over a decade. In the news they’re typically referred to as “ransomware gangs”. This is a euphemism. The reality is that these groups all have ties back to FSB or other parts of the Russian military structure. They operate with the approval of the Russian government, and they attack Russia’s adversaries. They attack civilian infrastructure indiscriminately, disabling power, water, logistics, schools, hospitals… they don’t care what the damage is, they don’t care if people die because of their actions.
NotPetya is the classic example. That was 8 years ago. Since then the frequency and scope of attacks has increased.
It seems like we also don’t care what the damage is or else we would make at least some effort to secure our IT systems. Of course the robber should be blamed but those who leave their doors wide open are guilty too. If we care so much about the consequences of ransomware attacks, why do we not act and avoid shitty software that only compromises security and instead built more resilient systems?
The US government stepped up it’s Cyber security under Obama. And until now they’ve had an open offer for anyone with basic cyber security certs to get a government job auditing companies and begging them to put modern security practices into place.
Every nation outside of Russia has been under attack from Russian mercenary groups for over a decade. In the news they’re typically referred to as “ransomware gangs”. This is a euphemism. The reality is that these groups all have ties back to FSB or other parts of the Russian military structure. They operate with the approval of the Russian government, and they attack Russia’s adversaries. They attack civilian infrastructure indiscriminately, disabling power, water, logistics, schools, hospitals… they don’t care what the damage is, they don’t care if people die because of their actions.
NotPetya is the classic example. That was 8 years ago. Since then the frequency and scope of attacks has increased.
It seems like we also don’t care what the damage is or else we would make at least some effort to secure our IT systems. Of course the robber should be blamed but those who leave their doors wide open are guilty too. If we care so much about the consequences of ransomware attacks, why do we not act and avoid shitty software that only compromises security and instead built more resilient systems?
Any security system is only as strong as its weakest link.
Typically that is the humans operating within it.
The US government stepped up it’s Cyber security under Obama. And until now they’ve had an open offer for anyone with basic cyber security certs to get a government job auditing companies and begging them to put modern security practices into place.
Trump shut them down.