By Devon Warren-Kachelein
Thu | Sep 23, 2021 | 10:10 AM PDT

When you think of the U.S. Secret Service, a certain image might come to mind: men in dark suits, dark glasses, and an earpiece who serve as bodyguards to the president, agents who specialize in physical security.

But did you know the Secret Service is deep into cybersecurity, too? This includes the fight against ransomware. 

Assistant Director of the U.S. Secret Service, Jeremy Sheridan, just sat down for an interview during the SecureWorld Great Lakes virtual conference. His unique insights around cybersecurity-related topics shine a light on ransomware risk for organizations, government agencies, and the public.


The evolution of the Secret Service

The origin of the Secret Service is rooted in protecting the nation's financial institutions. In a strange twist of fate, Abraham Lincoln signed the Secret Service into existence in 1865 on the day he was assassinated. Its initial purpose was to investigate financial fraud since, at the time, nearly one-third of the nation's currency was estimated to be counterfeit.

From their incorporation as a part of the U.S. Treasury Department, the Secret Service has investigated a wide breadth of issues. Cyberattacks now fall into its jurisdiction.

This ranges from Secret Service agents discussing elements of cyber hygiene with those they protect to tracking down cybercrime fugitives.

The Secret Service and the ransomware battle 

With the ongoing surge in ransomware attacks, Sheridan says the impacts are growing. 

"What's at stake is disruption. Increasingly complex and destructive consequences related to ransomware attacks; certainly an increase in amount of financial loss that's being incurred, but also kinetic and real world effects." 

And the actors organizing these attacks are smart.  

"Our biggest challenges are against the Bill Gates and the Steve Jobs of these transnational organized groups. They're highly organized, they are very proficient in a leadership capacity. And this is what's at stake, is their ability to continue to get better at those skills," Sheridan said.

Considering the rise and sophistication of ransomware attacks today, strategies to get ahead of ransomware are critical. We are pinpointing six insights from Sheridan that could help us collectively mitigate the ransomware threat.

6 ways to hack the ransomware puzzle

1. Start reporting incidents if you don't already

Reporting incidents gives the government and organizations a more accurate way to judge the scope of this problem.

"We feel that if a payment decision is made, and again, [that's an] individual organization decision, it should be accompanied with reporting to law enforcement. And one of the biggest challenges we have: It's well known that the ransomware crimes that occur, even those that we know, are vastly underreported. The latest estimates are around 20% of actual ransomware instances get reported to law enforcement or insurance or regulators," Sheridan said.

He said people generally feel a hesitancy to report when an attack has taken place, but with so much underreporting, it's difficult to understand the big picture.

2. Review your organization's mitigation plan and solve for weaknesses

A key element in the rise of ransomware attacks is how unprepared many organizations are. Sheridan says preparation begins long before a potential attack.

"It starts with having a robust strategic plan that focuses on risk management. Within that, it's four categories: preparation, updates, protection, and backups. Preparation for us is an incident response plan that is highly communicated, that incorporates all internal and external, and selfishly external. I would say law enforcement entities related to your incident response plan, those relationships established ahead of time, so that there's a rapport, there's a level of trust, there's a channel of communication that's understood prior to an incident occurring, that it's communicated across all of those affected entities."

Testing is also an important part of risk management, and it is integral to a successful risk management plan.

"I have a colleague who says real estate's about location, location, location. Cyber defense is about test, test, test."

3. Familiarize yourself and your organization with cyber insurance

While Sheridan was discreet about what he shared on this topic, he did explain how the Secret Service would like to work with insurers in the future.

"There's sometimes a hesitancy to call law enforcement because the perception is we have a role in that—our role is really focused on catching the bad guy. And we want to partner with cyber insurance in order to share that information that will allow us to do that. I think it's important to consider for individual organizations the benefits of cyber insurance."

On top of the benefits of considering a cyber insurance plan, Sheridan also suggested regulations with cyber insurance could be helpful.

"I think we can get to the point where it's similar for a ransomware event, if you're going to have insurance coverage, and payment or reimbursement from the insurance company, to have a reporting requirement to law enforcement would be very beneficial," he said.

4. Increase information sharing

Our SecureWorld Advisory Councils have been asking for more information sharing between the private and public sectors for years. Sheridan says this is a key part of overcoming ransomware.

"There's no way we can be effective in the space to assign attribution and consequence to the ransomware actor without robust information sharing from the private sector, even from academia, in order to get better. Other government entities [too], and that applies domestically and internationally. These ransomware actors are a transnational organized group as a whole. And without partnerships overseas that we are developing and continue to strengthen, we won't be effective in this space."

5. We still have things to figure out when it comes to cryptocurrency

"What our perspective is is somewhat of a contradiction about regulation, the need for regulation, but the concern about overregulation. So certainly the anti-money laundering and knowing your customer laws are vital. The Anti-Money Laundering Act of 2020 is essential in this space in order to be effective for us for attribution, for understanding the adversary, and having increased information." 

6. Build allyships with colleagues, organizations, law enforcement, and government agencies

It's easy to let the people part of the puzzle fall by the wayside, but in the battle against ransomware there is one common denominator: unless you're a bad actor, you want to see problems solved, not caused. One of the best ways to ensure we conquer cyberattacks, as a nation and in the world, is by working together.

This includes working interdepartmentally to make sure teams at your organization have proper training to deter accidental leaks or attacks, as well as to build trust with your cybersecurity team.

"I want to highlight something I do think gets overlooked as it relates to protection is the people piece. People are the first line of defense.... It's really important to have people involved in this process, to communicate with them their role, their potential for vulnerability, but also train and equip them to prevent any type of incident from occurring."

Sheridan also offered his expert opinion about cryptocurrency, where ransomware attacks stemmed from, and so much more that cybersecurity professionals at all levels will find useful.
