Presented by
Protocol's experts on the biggest questions in tech.

With the increased focus of ransomware attacks in health care, what other sector or type of business should be on high alert?

With the increased focus of ransomware attacks in health care, what other sector or type of business should be on high alert?

Law firms, manufacturing companies and agricultural suppliers could be popular targets.

Corey Thomas

Chairman and CEO at Rapid7

In light of the recent CISA, FBI and Department of Health and Human Services advisory, it's important to understand why hospitals are being targeted in the wake of the pandemic. Despite having a massive collection of valuable, sensitive information, hospitals and health care services are often playing catch-up when it comes to their cybersecurity investments. This is important because hackers are focused on their own form of productivity, meaning they are more likely to target industries that give them the greatest return with the least amount of effort. Similarly, attackers are increasingly targeting other industries that have extremely valuable data or operational processes that would suffer greatly if interrupted.

One popular target is the legal sector, which is highly fragmented, with valuable data and security programs that are catching up. These firms should be on alert for similar attacks. On top of this, 100% of law firms surveyed around the globe had been targeted in a cyberattack, and with a $1 trillion market value, it's a prime target. The recent attacks against two law firms in Florida on Friday further emphasize how vulnerable this sector is.

Fortunately, many ransomware attacks are both avoidable and containable if organizations follow fundamental data and access segmentation, IT security and disaster recovery best practices. When building a defense plan, it's important to ensure your team is prepared to identify an attack before machines are affected and ransomware is executed. Once identified, you must have proper methods in place to contain threats early in the attack lifecycle and eradicate the threat — either on your own or with Incident Response retainers. Lastly, have a recovery plan set ahead of time so your team can get systems back to normal as soon as possible and ensure that a post-mortem plan is in place to take what your team has learned from the attack and improve security measures in the future.

Riana Pfefferkorn

Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society

We pay a lot of attention to the potential for attacks on critical infrastructure in areas such as energy (power plants, electrical grid, etc.), but I'm wondering whether we'll see an uptick on attacks in the farming and food production/supply chain, which is just as crucial to the continued running of society but perhaps less sexy.

The COVID-19 lockdown caused a lot of supply chain disruptions for both food and other consumer products, leading to bare shelves at unpredictable intervals for certain items in stores. This has revealed weaknesses that hint at further vulnerabilities; I would be unsurprised to learn that farming and food supply, like many sectors, are behind the curve on information security, despite being an area of critical infra. The simple experience of going grocery shopping during the pandemic has suggested to me that there is significant potential for intentional disruption by malicious actors — with ransomware being an obvious candidate for carrying out an attack.

Sanjay Beri

CEO and Founder at Netskope

Now more than ever, organizations must ensure that they're staying ahead of the evolving security landscape. Unfortunately, malicious hackers are taking advantage of this difficult time and launching dangerous and calculated ransomware attacks to the nation's most important enterprises.

Although the health care sector is often highlighted as an obvious target, educational institutions like universities and school districts remain one of the most vulnerable sectors. During the months of August and September alone, the University of Utah, the Hartford School District in Connecticut and Fairfax County schools all succumbed to successful ransomware efforts. We even saw the Yazoo County School District in Mississippi approve the payment of $300,000 to a company to help recover files lost from a suspected ransomware attack. Due to these efforts, schools have had to postpone classes and have deterred students from learning and growing.

As teachers, students, parents and school administrators navigate this time, they're being met with unprecedented tasks like providing students with proper e-learning equipment and are most likely having to rely on unsecured home networks. This combination allows cybercriminals to invade e-learning environments and cause absolute chaos.

In order to combat this, we must continue to partner with educational frontline workers and students, and provide them with the proper tools to reinforce proper cybersecurity hygiene that enables them to teach and learn securely. As we continue to live in an increasingly digital world, we need to train the next generation to stay vigilant and aware.

Marcus Fowler

Director of Strategic Threat at Darktrace

Public services and critical infrastructure providers — like health care organizations — have been forced onto the front line, and their vast digital infrastructures now present alluring targets for cyber-criminals looking to exploit digital vulnerabilities. The impact of successful cyberattacks on these institutions can jeopardize essential services — weakening our ability to manage the ongoing health crisis.

Cyber criminals are more sophisticated than ever, and while the primary purpose of ransomware groups, like Ryuk, are to make money, there is always a high risk of collateral damage, since attacks stop systems from working. Ransomware groups design their cyberattacks to cause enough disruption and financial distress to not just disrupt file access, but also to reach critical business operations, where harm will be immediately and acutely felt, to justify their plea for quick and high payment.

Some of the sectors beyond health care where we have seen ransomware actors active in October at Darktrace are manufacturing, real estate activities, and retail.

Of these, manufacturing is an area that should be on high alert. With the convergence of IT and OT environments, the potential to hold an entire manufacturing line hostage or cause multimillion dollar pieces of equipment to self-sabotage certainly are motivators for a quick and potentially exorbitant price. It is only a matter of time before we see criminal organizations move into the cyber-physical attack space.

Steve Grobman

Chief Technology Officer at McAfee

Sectors most threatened by ransomware are those with a high reliance on legacy technology that is inherently difficult to patch, upgrade or replace. This includes everything from government organizations using decades old software to critical infrastructure systems that leverage specialized equipment that may no longer be manufactured or supported by its provider.

It is critical to understand that the impact of a cyberattack is not only related to the damage it causes but also the difficulty the organization has in recovering from the attack. The challenge with sectors that are still using legacy software and equipment is that vulnerabilities could allow a skilled adversary to completely take control of or take down an environment and leave the victim organization in a position where it cannot remediate the situation for some time.

In the case of modern software, systems can generally be restored quickly because they use commodity equipment or even cloud platforms that allow them to back up their assets and easily restore operational capabilities following an attack. Contrast this with specialized environments where specialty, legacy technology and organizational expertise may not be available to replace or restore affected systems.

For instance, some government systems may still use software written decades ago by individuals who are no longer available to consult on the architecture. Some of the equipment upon which our critical infrastructure relies may have been manufactured by organizations that no longer exist making it difficult to reproduce or repair key components if any are damaged in a cyberattack.

Sherry Ryan

CISO at Juniper Networks

Ransomware is a universal threat and not focused upon any particular industry segment. In the U.S. alone, more than $140 million has been spent by private businesses, universities and municipal governments to rebuild their networks to protect against future attacks, restore data from backups and paying ransoms.

While recent warnings from U.S. government agencies have targeted health care, we should all be on guard and ensuring we're patching vulnerabilities, plus, thinking about preventive measures we can put in place to protect our organizations from ransomware.

See who's who in Protocol's Braintrust (updated Nov. 4, 2020).

Questions, comments or suggestions? Email

More from Braintrust
Latest Stories