As I write this blog, we’re a little over halfway through 2022. This year has certainly produced some significant surprises – several of which fall into the “what didn’t happen” category. Regardless, though, CTA continues its work to enable members to better protect their customers, aid in the disruption of malicious actors, and raise the level of cybersecurity across the digital ecosystem.
One surprise is that the rate of ransomware attacks appears to have declined for the first time in several years. Yet, if you look at the Ransomware Task Force’s year two report on the numbers (Institute for Security and Technology » RTF Year Two: New Map; New Data: Same Mission), while reported ransomware events in 2022 appear to be lower than for the same period in 2021, the number is still higher than any previous year. Further, the data makes clear that any company can be the target of a ransomware attack, regardless of region, size, or industry. Thus, ransomware continues to pose a significant threat to the digital ecosystem and forms one of the most likely threats an organization could encounter. In response, CTA has continued its work with the Ransomware Task Force, supporting efforts to implement the group’s recommendations and a retrospective look at the Task Force’s efforts over the past year. Despite other important events, we cannot shift our focus away from this key cyber threat.
Another surprise is how cyber activities have played out in the Russian-Ukraine war. The war has not resulted in on-going cyber-based attacks outside of Ukraine, nor have the Russians “unleashed the cyber dogs” to wreak havoc in the West. While the Russians have used their offensive cyber capabilities mostly in theater, those activities do not appear to have had a strategic effect on the conflict so far. On the flip side, the Ukrainians have mounted more effective defenses in coordination with private sector defenders than many expected, and they have managed to respond in cyberspace, using cyber capabilities to strike back at the Russians. While the Ukrainian attacks have not altered the course of the war, they have shown that the Russians are not the only ones capable of using these tools. CTA has supported efforts to bolster Ukrainian cyber defenses and it will continue to do so.
Yet a third surprise came from the pandemic, as it forced a delay in the RSA USA conference from February to June. As a result, CTA’s planned 5th birthday celebration had to essentially move on-line with our members providing a series of well-received blogs on the occasion. While we did not quite get to celebrate the way we anticipated, these blogs continue to be read even six months later, which is a good sign.
Despite these surprises, however, CTA managed to thrive in the first part of 2022, hitting several key milestones:
- Our members have shared more than 250 million observables, and they now often provide more than 400,000 IOCs per day.
- Our technical team has deployed a new dashboard for our automated sharing platform, generating new insights into our shared data.
- Three new companies have joined the Alliance (although two of these are still in the on-boarding process) and several more are in the final stages of becoming members, bringing our current membership to 35. These members are headquartered in 11 different countries.
- We were a non-profit sponsor for the RSA USA conference, and CTA staff have spoken multiple events, including 3 talks or panels at the RSA conference. As in past years, we are sponsoring the Billington Cybersecurity conference and the Virus Bulletin conference in September, the AVAR conference in December, and the CyberNextDC conference in the late fall.
- CTA continues to actively participate in the World Economic Forum’s Partnership Against Cybercrime, particularly supporting the ATLAS project – an effort to understand the criminal ecosystem at a much more granular level. If you think that you might want to contribute to this project, please reach out to me and I will connect you with the project managers.
For the second half of 2022, more surprises are likely in store. How will a more distributed work force affect organizational cybersecurity needs? Will Russia decide to use its capabilities to cause disruption in Europe and North America? Will ransomware attacks increase or stay at the same rate? The answers to these questions will almost certainly have unpredictable effects on cybersecurity, and the industry needs to be ready to adapt. CTA will be ready to use its collaborative sharing capabilities to help address whatever surprises come our way. Let’s hope the rest of the year turns out to be boring, at least in cyberspace.