CLEVELAND — A high-profile move by a major company sets a bad precedent for cyber security across America, according to experts in Cleveland.
Meat supplier JBS revealed it paid $11 million to cybercriminals who attacked the company with ransomware. We recently learned Colonial Pipeline did the same thing after it was hacked, paying the ransom in Bitcoin.
That’s exactly what the government is asking companies not to do, according to Juscelino Colares, the Schott-van den Eynden Professor of Business Law at Case Western University.
“The Department of Justice…has advised companies not to pay,” he said.
As the world watches President Joe Biden prepare for his first G7 summit, and a high-profile one-on-one with Russian President Vladimir Putin, Colares says we can expect to see the U.S. take a tougher stance.
“President Biden will go beyond just warnings,” he said, “because warnings clearly have not worked.” Colares says going beyond could include tougher sanctions or retaliatory cyberattacks.
As for the attacks themselves, Executive Director at CWRU’s Institute for Smart, Secure and Connected Systems Nicholas Barendt said, “the expectation is we are going to see more of these and they could become even more critical.”
Barendt told News 5 that companies will need to consider both vulnerabilities in their systems and their staff. That means making sure every employee knows what a phishing email looks like, and not to click on any suspicious links.
“There’s only two kinds of companies,” he said. “Companies that have experienced a cyberattack or ones that will.”
As our technology continues to advance, experts caution we’re only as strong as our weakest link. Take, for example, the Target hack that happened back in 2013. Barendt said those hackers took a very roundabout approach to accessing credit card information.
“The attack vector was later proven to be the heating and cooling system, allowing the attackers to gain a foothold in the IT infrastructure and then move sideways through the system into the payment processing environment," Barendt said.
One way forward for cybersecurity could be happening right here in Cleveland. The Northeast Ohio Cyber Consortium is a member-driven organization of for-profit and non-profit companies. They meet regularly to talk about threat sharing and incident response.
Download the News 5 Cleveland app now for more stories from us, plus alerts on major news, the latest weather forecast, traffic information and much more. Download now on your Apple device here, and your Android device here.