Cybersecurity issues dominated the media in the first half of 2021, highlighting attacks explicitly utilizing ransomware—malicious software that prevents users from accessing their computer files, systems or networks and demands ransom payments to return data and access. Ransomware, along with significant data breaches, attacks on supply chains and vendors, and the subject of cybersecurity insurance, headlined the submissions to the Analytics, Intelligence & Response (AIR) track for RSA Conference in 2022.

The RSAC Program Committee reviewed thoughtful, analytical and entertaining recommendations to build the AIR track. We wanted not to avoid delivering repackaged cybersecurity discussions about good cyber hygiene as these can remind us of old, stale and boring donuts. Our goal was to deliver a sophisticated and thoughtful cuisine that will inspire innovation among cybersecurity and intelligence professionals. That said, the following themes of knowing your enemy, understanding the threats, the cost of a cyber event and virtual currency intelligence are ones that strongly emerged from this year’s submissions.

Who Is Our Enemy

The United States, Russia and China are at it again, and they seem to be the three that are always in the principal’s offices for fighting. However, the focus on these three superpowers underestimates the global sophistication of advanced persistent threats, usually nation-states and threat actor groups. Our enemy is digital, with minimal attribution to a country of origin. Therefore, intelligence professionals need to look at holistic information security program development, information sharing strategies and collaboration with Information Sharing and Analysis Centers (ISAC) and other peer groups. Threat actors cooperate very well and have built cooperative networks to execute some of the most severe hacks in recent times, such as Kaseya, SolarWinds and the exploitation of Microsoft vulnerabilities. Threat actors are working together as a winning team. Subject matter experts captured this theme in several thoughtful proposals to identify, detect and prevent emerging and sophisticated enemies. 

Understanding the Threats

Ransomware attacks are increasing, highlighting attacks on operational technology (OT) infrastructures that disabled operations at Colonial Pipeline and JBS Foods. The severity of these attacks resurfaced cyberthreat intelligence strategies such as “Zero Trust” and “Defense in Depth.” The significant takeaway is that ransomware is not our only threat. We will need to prepare for advanced identity theft with massive data breaches, pandemic fraud, bot attacks, distributed denial of service extortion attacks and so much more.

Industries such as healthcare and education have traditionally been the biggest targets for ransomware attacks. Still, new findings have shown that telecommunications companies, managed security service providers and manufacturing industries are now more targeted than government offices for ransomware and data theft. 

A Costly Enterprise

Security is expensive, and it is even more costly if a company is hit with a cyber event. But what happens after a company or organization recovers from an attack? Industries are experiencing complications with cybersecurity insurance, impacted by enforcement actions from state and federal regulators and consumer protections such as credit monitoring and identity theft monitoring services. 

The term “cyber hygiene” is used in most conversations to bundle up good patch management, a healthy asset inventory or periodic assessments and vulnerability tests. However, for cybersecurity insurance carriers, the term carried even more weight. According to the mid-year 2021 Global Cyber Market Update from Arthur J. Gallagher & Co, conditions in the cyber-insurance market during the first six (6) months of 2021 were even more challenging than many anticipated.

The wave of ransomware incidents created a lightning rod in the cyber-insurance market, imposing significantly less coverage at higher costs, narrowing the scope of coverage terms with increased underwriting scrutiny and significantly increasing rates. Subject matter experts have opened up the networks to offer insightful panel discussions of the impacts of the proliferating breaches and consumers’ demand for privacy and control of their data. 

Follow the Money or the Virtual Currency

A year that observed unprecedented lockdowns and economic slowdowns also saw Bitcoin prices reach new highs. Bitcoin is one of many virtual currencies used as a medium of exchange by individuals and merchants worldwide. However, does the ascent of virtual currency schemes pose a significant fraud risk to users? How will victims of data theft pay the ransom to restore systems or retrieve data if the threat actor is a sanctioned entity by anti-money laundering (AML) or counterterrorist finance (CTF) and sanctions risks?