How to Blend in with Cyber Experts at a Summer BBQ
For many of us, now is the time to put our valuable vacation days to good use and take some time off to make the most of those sunny summer days. And what's better than enjoying some cold beverages, good company, tender burgers (meat or vegan, not judging) and tough topics in the hot sun? And yes, cyber risk is an excellent BBQ (or dinner party) topic! Just remember that in the ever-evolving world of cyber threats, the digital landscape often feels like a multi-dimensional game, and who doesn't like games, especially those with high stakes? And with organizations being in the crosshairs of hackers, cyber criminals, activists and malicious insiders (each of them impersonating the other to make cyber defense yet more confusing), it doesn't get much more high stakes than that.
We are firmly moving into the second decade of mainstream ransomware and continue to struggle with the complexity and impact of such attacks. The situation represents such a challenge that even non-IT folks regularly get in on the conversation. Clearly this is a topic ripe for discussion among cyber enthusiasts and the digitally literate. So, how do you go about impressing your fellow BBQ conversationalists? As you flip burgers and turn sausages, start the conversation with an intriguing fact. "Did you know ransomware payments plummeted in 2022 but then skyrocketed in 2023? It’s like watching a rollercoaster in slow motion!" Mention how ransom payments dropped from $983 million in 2021 to $567 million in 2022, mainly due to geopolitical distractions like Russia’s invasion of Ukraine. But in 2023, they surged to a staggering $1.1 billion, driven by 538 new ransomware variants and an average ransom demand that soared by 125%, reaching $621,858 per incident. That will surely get the attention of any cyber nerd and get the conversation rolling.
As you grab a cold drink, delve into some buzzwords to really spice up the conversation. "Ever heard of Big Game Hunting?" you could say. "Not the safari kind—the kind where cybercriminals go after major corporations for million-dollar ransoms. Now that's a hunt!" Explain how cybercriminals target large, well-heeled companies, especially those handling sensitive data, to extract ransoms often exceeding $1 million. Think healthcare giants and financial behemoths.
Next, toss in, "And then there are zero-day attacks—exploiting unknown security gaps in software or hardware." For instance, CL0P’s exploitation of MOVEit software impacted numerous companies and resulted in ransom demands over $100 million. Add a note on data extortion, highlighting how hackers steal data and threaten to expose it unless paid, skipping encryption to avoid detection. This method saw a 39% increase in Germany in 2023, showing hackers’ adaptability to companies’ improved defenses. Mention Ransomware as a Service (RaaS), where criminals sell access to their malware, enabling less tech-savvy attackers to launch sophisticated attacks—a win-win for both parties.
As you help yourself to some grilled veggies, shift the tone to a more optimistic note with some law enforcement victories. "It’s nice to hear about international cooperation, like Operation Endgame. Can you imagine the FBI and Europol teaming up to take down cyber baddies? It’s like the Avengers of law enforcement!" Share how in early 2023, the FBI infiltrated Hive’s networks, preventing $130 million in ransom payments by seizing decryption keys and servers, in collaboration with German and Dutch authorities. Highlight the takedown of ALPHV, known for targeting critical infrastructure, whose website was seized by the FBI in 2023, saving victims up to $68 million in potential ransom payments. Mention the UK's National Crime Agency's arrest of four individuals linked to LockBit, freezing over 200 cryptocurrency wallets, and the DoJ charging a Russian national involved in operating the ransomware.
When mingling with a cyber-interested crowd, armed with these insights, you’ll be able to engage in meaningful, light-hearted conversations about the latest trends and triumphs in the world of cybersecurity. From Big Game Hunting to international law enforcement victories, you’ll sound like you’ve been at this since before Angelina Jolie could spell 'Hackers'. Just steer clear of discussing your elaborate theories on why Clippy might have been the first real consumer AI. Trust me.
Associate Security Consultant @ Tech Mahindra | PAM- CyberArk, BeyondTrust | Ex-TCS
7 months
600,000$ for 1 incident is wild. Can't believe RaaS is an actual thing now.