Various industrial sectors have recently faced an increased risk of ransomware attacks, as supply chain constraints intensify the pressure to deliver essential components, agricultural products, medical supplies, and other critical goods. A case in point is the March 20 attack on Sierra Wireless, a Richmond-based IoT device provider, which resulted in a temporary production shutdown until March 26.
Kent Thexton, President and CEO of Sierra Wireless, addressed the incident during the company’s fiscal first-quarter earnings call in May, stating that the attack seemed confined to internal systems and the website. This incident underscores a dilemma faced by private sector companies: whether to pay a significant ransom to criminal actors or risk severe brand damage and disruptions to the supply chain. To mitigate such risks, businesses can implement precautionary measures, including data backup and plans for manual operations. However, challenges arise as some businesses either neglect these options or struggle to justify their effectiveness. Paul Proctor, Distinguished VP Analyst at Gartner, emphasizes the importance of executives collaborating with security and risk professionals to make informed decisions in preparation for potential ransomware scenarios.
Chris Rouland, Founder and CEO of Phosphorus Cybersecurity, highlights concerning trends in cybersecurity, with almost half of analyzed firms using default credentials and a significant portion of devices using outdated firmware. Rouland describes the current cyber threat landscape as the most challenging, emphasizing the low risk for cybercriminals.
Sierra Wireless attributed its ransomware attack to Ragnar Locker, as reported during the earnings call. While details of the attack method, ransom amount, and payment status were not disclosed, the incident resulted in $5 million in direct costs and an $18 million indirect impact for Sierra Wireless.
Law enforcement traditionally advises against ransom payments, yet corporate executives often prioritize maintaining operations, especially during supply chain bottlenecks. A report by Neustar International indicates that 60% of companies surveyed would consider paying a ransom, with 20% willing to pay over 20% of their annual revenue for recovery.
In the agricultural sector, the ransomware attack on JBS, the world’s largest meat supplier, highlights cybersecurity risks in the often-overlooked food supply chain. The agriculture industry has been a target for years, with recent threats linked to international trade tensions and concerns about food security.
To address these challenges, the Biden administration issued an executive order aimed at standardizing cybersecurity practices in critical industries. The move comes in response to a series of ransomware attacks that exposed the lack of minimum standards and practices necessary to protect industries from extended disruptions.