‘The cyber and technology trends keeping chief information security officers (and me) awake at night’

Digital trade show DTX Manchester will be taking over the Manchester Central convention complex on Wednesday and Thursday this week. Here, keynote speaker Ciaran Martin previews what he will be telling delegates on Wednesday about cybersecurity.

This month, I’ll be hosting a keynote session at DTX Manchester to discuss the top cyber security and technology trends of 2024.

These trends will focus on the traditional cyber security challenges we continue to face, plus the new technology issues which are keeping governments, chief information security officers (CISOs) and industry regulators gripped in heated debates.

From laws around the sale of IP to Chinese technology companies, the governance of the internet, election security, plus the, some might say, over-hype around generative AI, my session will cover ten cyber and technology trends, which will be at the forefront of 2024, and for many years to come.

Given the news around a cyber attack on a contractor of the Ministry of Defence, which exposed the data of thousands of personnel, the session will also be a pertinent time to discuss the evolving status of Beijing within today’s threat landscape.

Earlier this year, the FBI announced its discovery of the Volt Typhoon cyber espionage campaign, where Chinese state-sponsored actors are suspected to have broken into dozens of critical infrastructure organisations to spy on and steal sensitive data. These attacks aren’t surprising. China has been spying on the UK and US since the communist revolution of 1949, but the big issue is around the possibility of disruption. China now has the ability to cause real harm to society. Now that’s deeply concerning.

No evaluation on threat trends would be complete without a nod to cybercrime’s biggest money-spinner, so ransomware will also feature heavily during my session.

Ransomware plagues organisations today and while Russia continues to provide a safe haven for adversaries, we’re going to have to accept that.

We can’t hack our way out of the problem, and while law enforcement is making good progress with takedowns, we can’t stop these criminals from carrying out attacks or physically arrest them. The sanctions are just roadblocks. In reality, they place more pressure on victims than the actors themselves. Today, it’s perfectly legal to pay a ransomware gang that hasn’t been sanctioned by law enforcement, but it’s illegal to pay an actor who has been sanctioned. This is a blatant shortcoming that leaves the onus of legality completely on the victim.

Earlier this year I wrote for the Times proposing a ransom payment ban, which seems like the only feasible way to deter these actors. But a simple ban would never work, so the public and private sectors must collaborate to assess what an effective ban might look like.

Cybercrime dissolves the wall between the public and private sector; attacks on businesses today frequently have a societal impact. Look at Change Healthcare: the attack happened on a private organisation, but it cancelled medical appointments and compromised the healthcare data of one in three Americans. This made it a matter for government.

For a ban to work, it needs to consider the private and public sector; otherwise, everything that the opposers predict about such bans will come true.

Could a government financial scheme incentivise organisations not to pay attackers? One theory is that the government pays ransomware victims money to help recover their systems. We know criminals don’t always delete stolen data after demands are paid, so why even bother paying? If the government provided a recovery fund to restore systems, this could support organisations and make paying demands completely unnecessary.

This idea is just a thought experiment, but to win the fight against ransomware actors, we need to defy the status quo and throw out the rule book.

Adversaries don’t play by the rules; maybe it’s time we did the same.

* Ciaran Martin is Professor of Practice at the Blavatnik School of Government, University of Oxford. He will be speaking at DTX Manchester on Wednesday May 22, with a keynote session on the top threats and technology trends of 2024.
