TDWI | Training & Research | Business Intelligence, Analytics, Big Data, Data Warehousing

Executive Q&A: Cyberattack Warnings and Trends

Are cyberattacks more common over holiday weekends? What do you need to know about cybersecurity trends? Industrial Defender CEO Jim Crowley shared his insight with us.

• By James E. Powell
• October 4, 2021

As widespread cyberattacks make the news, the U.S. government is issuing warnings and passing new legislation. We spoke to Jim Crowley, CEO of operational technology security company Industrial Defender, to get his professional perspective.

For Further Reading: Ransomware Increasingly Targeting SMBs and Impacting Individuals, Say Experts Increased Frequency of Cyber Attacks Forces Companies to Develop Smarter Cyber Recovery Initiatives UEBA: Protecting Infrastructure with the Help of Behavioral Analytics

Upside: The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) put out a cyberattack warning for Labor Day. Was this warning warranted given that no major security event actually occurred?

Jim Crowley: I believe the warning to be especially diligent about cybersecurity over Labor Day weekend was warranted, given the timing of successful ransomware attacks the U.S. has faced in 2021. Both the Kaseya and JBS ransomware incidents happened over holiday weekends (the Fourth of July and Memorial Day), so it's reasonable for CISA to assume that Labor Day could be the next prime time for a cyberattack. After no major event happened, one could even infer that the warning to be extra vigilant may have been effective.

There's a trend of ransomware and cyberattacks occurring during long weekends and holidays. Can you explain why this is?

Security practitioners are humans. The distraction of holiday plans with friends and family, as well as additional time out of the office, leads to a less vigilant cybersecurity team. Cyberattacks take time to spread throughout a network, and the more time they have to go undetected, the more likely they are to succeed. Couple that with the decreased staff to respond to an attack, and it can be incredibly difficult for a target company to avoid becoming a victim during a long weekend.

Can you provide a few examples of cyberattacks that have taken place in the last year during a holiday?

Energy supplier Colonial Pipeline suffered a serious ransomware attack going into the weekend of Mother's Day, disrupting fuel supplies in the Eastern U.S. Over Memorial Day weekend, meat producer JBS was attacked, stopping all work at a large network of plants until the company paid an $11 million ransom. The attack on software firm Kaseya that caused downtime for 800-1,500 organizations hit at the beginning of the Fourth of July weekend.

There are numerous holidays coming up in the next few months. What are you predicting will happen during these holidays? Do attacks in previous years give us any indication about what might happen this year?

The holiday attacks are one trend to focus on, but the larger trend is the number of attacks coming at us on a daily basis. Not every attack is reported, and the most likely source of remediation data would be from insurance companies paying out on cyber insurance policies, but I believe the volume of attacks is staggering.

How can companies protect themselves from being a victim of an attack in general, and are there special steps that should be taken for holiday closures?

Companies should be vigilant all year round, not just during holidays. If you apply foundational security controls from common standards like the NIST Cybersecurity Framework or the Center for Internet Security (CIS) standards, you'll be in a much better position when a holiday comes around.

Before a holiday closure, security teams should review event logs for any suspicious activity, apply critical patches if possible, and keep a few additional staff on call, just in case. It's also a good idea before a holiday to issue employee communications reminding them to stay vigilant and not click on any suspicious links.

Would you say cyberattacks are on the rise? Why is this?

I would say cyberattacks that result in operational impacts are on the rise. Hackers have been quite active over the past decade stealing information such as consumer data and intellectual property, but now their intent is morphing beyond just intelligence-gathering to much bolder attacks, including extortion through ransomware and acts of terrorism such as poisoning the water supply. This aggressive shift is most likely caused by increasing geopolitical tensions with nation-states such as Russia, China, and Iran, who are carrying out acts of asymmetrical warfare on the U.S. and the West as a whole.

What's your opinion of Biden's new infrastructure and cybersecurity bill? Do you expect it will reduce ransomware and other damaging cyberattacks in the short term? In the long term?

If the funds from the bill are appropriated properly, then I do believe we could see a decrease in successful cyberattacks in both the short term and the long term. The challenge is going to be ensuring that the agencies dispersing these funds require the implementation of a measurable security program based on a common standard that includes foundational cybersecurity controls. Providing funding only for information sharing or threat modeling would be a big mistake. You don't invest in expensive surveillance cameras without installing locks on your doors and windows first, and the same principle holds true for cybersecurity.

The bill could also be improved by adding cybersecurity grants for companies who aren't in the utility sector, but that invest in and measure themselves against a government-approved standard. Although much of the United States' critical infrastructure is owned by private industry, they are the victims of this geopolitical climate, and the government should provide incentives to help secure these assets.

Anything else you'd like to add?

We are in (and have been engaged in) a cyber war with adversarial groups supported or condoned by nation-states. We should consider policies and actions that will help us achieve a cease fire, truce, and then treaty so the cyber pillaging stops.

[Editor's Note: As Industrial Defender's CEO, Jim is passionate about the company's mission and focus on protecting critical infrastructure. A seasoned technology executive with over 20 years in the information security space, Jim has helped build companies including Imperva, Threatstack, and SecurityMatters into high growth organizations. Jim started his career as an industrial sales specialist for A.W. Chesterton company, a supplier of specialty chemicals, seals, and pumps, managing a territory in Northern New England that included shipyards, pulp and paper, textiles, auto parts manufacturers and power plants.]