Buried in the avalanche of recent cyber attacks, there is good news and bad. Ransomware attacks, which paralysed many organisations — from parts of the UK’s National Health Service to the German railway and major manufacturers — illustrate how acting on good threat intelligence and sensible advice, such as updating and patching software, can avoid major damage. The attack was an example of the crude new business reality: most companies should aim to raise the cost to attackers and make them look for victims elsewhere.
On the less positive side, the response to such incidents reveals we are not yet matching the scale and sophistication of organised cyber criminal groups, particularly when nested in or directed by acquiescent states. The first step is to take them seriously as businesses and to view them as the malevolent version of disruptive competitors, rather than old-fashioned criminals. The reality is that they often understand how the digital economy works better than the companies they are attacking.
Thanks largely to US law enforcement, we know a lot about these criminal groups and how they operate. They have business models, product lines and targets that would make Harvard Business School proud. They even understand customer service and have helplines on the dark web; if the managed cyber attack capability you have purchased does not deliver, you can, in theory, ring up and complain.