Cyberthreats are global in nature. While it’s true that your clients face threats from the stereotypical computer whiz kid (or man-child in his mom’s basement), it’s much more likely that the enemy at the gate comes from overseas. In fact, in many cases, cybercrooks operate with support—or at least a blind eye—from the nation-states in which they reside.
Cyberattacks Aren’t Always About the Money...
When it comes to cyberattacks, the bad guys have several different motives. Some are motivated by “borderless” political or ideological agendas. Hacktivists, for example, execute all types of attacks—DoS and DDoS attacks, website defacement and a whole spectrum of other activities—over causes like free speech, religious perspectives, inequality, perceived injustice, environmental or pollution concerns, etc. And some hackers just like to cause chaos for its own sake.
... But They’re Usually About the Money
All this said, many cyberattacks—and certainly most that target SMBs (which are unlikely to draw the ire of hacktivists) —are motivated by money. In fact, SMBs are the targets of cyberattacks because they’re seen as an easy way for criminals to make money. Ransomware is the cyberattack that keeps most SMB owners and managers awake at night. It’s one of the most common forms of cybercrime. SMBs are targeted because they have fewer resources and less cybersecurity experience than larger businesses, making them more vulnerable to attacks. SMBs also are frequently caught in supply chain attacks, wherein hackers targeting bigger fish gain access through smaller, less-defended companies in the supply chain.
Russia at the Forefront of Ransomware
One of the biggest challenges facing companies on the cybersecurity front, as we discussed before, is that they’re global. That’s where the “cyber” part comes into play. Our amazingly interconnected world moves information in all forms—records, movies, currency, you name it—at the speed of light. That means that threats also move at the speed of light.
Within this (literally entire) world of possibilities, some regions are more notorious hotbeds of cybercrime than others. Russia and other countries in the former Soviet Union, for example. An estimated 74 percent of ransomware attacks last year were linked to Russia. And although Russia denies that it protects and conceals hackers, analysts report that there are telltale signs of Russian hacker involvement in ransomware attacks. Examples include:
- Ransomware code inclusions that protect computers located in Russia or other countries in the Commonwealth of Independent States
- Cybercrime gangs operate in Russia or use Russian-language forums
- Gangs linked to (allegedly Russian-based) Evil Corp
What it Means for Your Clients (and your MSP)
Here’s why the global nature of cyberthreats, and the concentration of ransomware activity from Russia in particular, matters:
- The problem is unchecked at the source. So far, the global nature of cybercrime has played to the bad guys’ benefit. No one’s been able to stop it at the source. Statistically speaking, cybercrooks have a greater-than-99 percent chance of getting away with their criminal activity. That means defeating (and protecting yourself from) the bad guys requires cyber resilience. Full stop.
- The problem is growing. Cybercrime, already a $6 trillion problem, is one of the fastest-growing industries in the world. Every day, new players enter the criminal market. Some have no technical expertise at all but are eager to make use of Ransomware-as-a-Service opportunities to partake in the global plunder.
- The Russia-Ukraine conflict is making the Russian problem worse. As the United States Cybersecurity and Infrastructure Security Agency (CISA) recent Shields Up advisory noted, global sanctions on Russia in response to its invasion of Ukraine have created greater Russian-based cybercrime risk and that “all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
The Bottom Line
The occasional headline about a ransomware recovery or the apprehension of a hacker group may give some clients the false impression (or hope!) that the cybercrime heyday is ending. The reality is the opposite of that. Cybercrime is a booming, global phenomenon that requires organizations to defend themselves. The ability to withstand an attack is no longer just a source of competitive advantage. It’s necessary for long-term survival.