CyberWire Daily - CyberWire Pro Interview Selects: Bill Wright of Splunk.
Episode Date: December 28, 2021
During our winter break, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. On this episode, the interview originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Bill Wright of Splunk on the ongoing geopolitical ransomware trend. Like what you hear? Consider subscribing to CyberWire Pro for $99/year.
Transcript
Bill Wright is Director of Federal Affairs at Splunk
and formerly Staff Director for the Homeland Security
and Governmental Affairs Committee for the U.S. Senate.
I caught up with Bill Wright recently for his take
on the seemingly relentless march of ransomware
and what he thinks might be done to slow the pace.
The question I'm often asked is, you know,
is ransomware increasing or are the attacks just more high profile? And, you know, I'd say both.
Certainly, Colonial made the effects of ransomware feel much more visceral for the public that wasn't
following these trends closely or wasn't
listening to your podcast daily. So I think at least a year and a half ago, ransomware was really
seen primarily as what I would call a nuisance cybercrime. It hit schools, hospitals, businesses,
sure, but the disruptions were considered pretty isolated. No one was known to have died,
and the ultimate effects
were limited primarily to those entities that were hacked. Then came Colonial Pipeline,
disrupting nearly half of the East Coast's fuel supply, quickly followed by another attack that
threatened the nation's largest meat supplier, JBS. And then, of course, Kaseya last month, along with many
countless others that maybe didn't make the headlines. So it quickly moved from an economic
nuisance to a national security, public health, safety threat. And I think that's the way our
government is treating it now. I'm sure you've noticed the tenor of the conversations has changed. Then you add to that the commoditization of ransomware. So ransomware as a service, ransomware as a service has really opened up ransomware to the criminal masses. So this model has drastically lowered that barrier of entry for criminals.
Technologically, you no longer have to be particularly sophisticated or savvy. So all
those liberal arts majors like myself that ever wanted to try their hand at cybercrime
can now get in the game. Also, the software has become increasingly reliable. This is the ransomware
software. Those days of relying on bugs in the code or cryptographic mistakes are largely gone.
You know, we've had the public statements from President Biden, you know, where he has
said that he's spoken with President Putin about this issue and
are trying to apply diplomatic pressure and so on. Are we seeing any effects from that?
Has there been any change since we've seen those public declarations that this is important?
First off, threshold matter, I think that that public declaration
is very important. And also, this likely goes without saying, but there is no silver bullet
for this. Smarter people than me have been grappling with this problem. I thought a lot
of the ideas and some of the recommendations that came out of the ransomware task force
were interesting. And one of those was to publicly acknowledge
at a high senior level some of the problems around ransomware. The Biden administration,
I think, is taking some really good steps to help modernize our cyber defenses. The EO,
for instance, was a great start, among other things. If you read between the lines of the EO,
I think there's really broad recognition that security is first and foremost for us a data problem. The life cycle
of a threat response is relying on data to detect a threat, monitor for impact, find a solution,
prepare for that next attack. So at its core, and as we like to say here at Splunk,
all data is security data. And I think the EO goes a long way to recognizing that.
So the way I look at it is clearly organizations themselves need to better defend themselves. We
need to improve our defenses, get those basics right, quite mundane
cyber hygiene, but ubiquitous multi-factor authentication, patching our systems in a way
that prevents actors from exploiting those known vulnerabilities, a well-practiced response plan
accompanied by backups and offline systems can help you react and restore.
These should be really the basic blocking and tackling for any security organization.
But I think that our response needs to be not just from organizations.
It needs to be a comprehensive, holistic approach from our government. And certainly we have the organizations themselves and the agency themselves has a role to play
in the improving the defenses portion.
But we really also need to go after their business model.
We mentioned ransomware as a service has really opened it up to the masses.
DarkSide, I think, is a classic example of this ransomware
as a service criminal gang, but that is primarily being run outside of U.S. authorities. Some would
argue, including DarkSide themselves, that they were not even directly responsible for those
Colonial attacks. They're certainly responsible as creators and operators of this ransomware as a
service. So we need to find a way to go after that business model. There's a number of things being
considered, policy considerations around what we do about cryptocurrency reporting, requirements
on acknowledging ransomware payments. There's a number of ideas that are circulating now.
And then I think the last leg of this stool for going after ransomware is that the U.S.
government and our allies really need to take a more aggressive approach against the ransomware
actors wherever they might reside.
Until they feel the pinch,
this criminal business model is going to continue to grow. So to circle back to your original statement about Biden and Putin, I think this was an excellent start, but I think it is part
of a holistic strategy across the government and across the whole of society, frankly.
What about for those small and medium-sized businesses who might not have the resources to
have full-time cybersecurity people on staff? To what degree is this a responsibility they need
to take on for themselves? And to what degree should they
turn to the government to assist?
Yeah, I think first and foremost,
improving your defenses, whether you are a small business or a large business. When it comes to
basic cyber hygiene, I think we can all do a better job. There are some regularly accessible
steps and products that you can deploy even as a
small business. So I'm thinking multi-factor authentication, having a good plan in place to
patch, have a response plan, and backups. Those are things that I think that any small business
or medium-sized business would be able to handle.
I don't think that we're going to be able to rely on the government to protect us all against this.
It's a shared responsibility, and we each have our part.
That's Bill Wright from Splunk.