The Colonial Pipeline ransomware attackย inย May 2021ย had the most far-reaching impactย of any ransomware attack to-date,ย causingย a shutdown ofย one of the United Statesโ€™ largest pipelines,ย resulting in gas shortages and nationswide panic. Shortly after the attack, President Joe Biden signed anย Executiveย Order aimed at strengthening the government’s cyber defenses. And while thatโ€™s aย big step in the right direction, itย will continue toย beย up to businessesย andย other organizationsย to ensure they have the properย processes, tools and peopleย in place toย reduce the likelihood of successful attacksโ€”andย be prepared toย detect,ย respond,ย andย recoverย if they do. To help you get started, weโ€™ve listedย eightย crucial lessons learnedย from theย latest cybersecurity attack to hit the headlines.

  1. Know your risks.ย When was the last time youย conductedย aย Security Risk Assessment?ย These critical assessmentsย review yourย organizationโ€™sย information securityย controlsย from a technical, procedural, and policy standpoint toย identify gaps againstย cybersecurity best practices and prioritize remediation efforts based onย level of risk.ย From news reports Colonial Pipeline had performed some form of risk assessment over a year before the successful attack in May.ย If you canโ€™t rememberย the lastย timeย youย performed one,ย youโ€™re likely due for another.
  1. Manage your risks.ย Performing a Security Riskย Assessmentย isย the firstย step,ย butย following up on your findingsย and closing any gapsย is critical when it comes toย protecting critical data and systems.ย According toย reports,ย Colonial Pipeline was awareย for over a yearย of major risks in their cybersecurity controlsย thatย identified โ€œglaringโ€ problemsย and โ€œpoorly connected and securedย systems.โ€ Are you actively managing your risks and determiningย correctiveย actions?ย The most secure organizationsย reviewย their corrective action plan regularly in monthly cybersecurity governance meetings focused onย theย best strategy to manageย that risk.
mobile devices
  1. Assemble your people.ย Colonial Pipelineย postedย a job opening for aย cybersecurity manager position weeks before the attack.ย Do you have the right cybersecurity teamย in placeย to plan a strategy of cyberย resilienceย andย alsoย to carry it out? Is your board or executive leadership discussing cybersecurity risks regularly? Are top level risks being addressed quickly?ย If you answered โ€œnoโ€ to any of these questions,ย you might want to considerย opening keyย cybersecurityย positionsย at the executive and technical levels orย partneringย with a providerย who canย ensure your organization has the properย cybersecurityย processes in place.
  1. Patch regularly.ย It is very likely the attackers against Colonial Pipelineย exploited long-known vulnerabilities to gain a foothold and infiltrate their systems.ย Attacks leveraged against unpatched systems are incredibly common andย willย have aย tremendousย negative impact if not properly managed.ย Are you regularly patching security vulnerabilities in your operating systems and software? Do you have unpatched critical or high vulnerabilities that have been known for over 90 days?ย Patching is the best way to protectย individual systemsย fromย well-knownย threats.
  1. Prepare for the unplanned.ย Are you prepared to respond to a ransomware attack? How do you know? Are you performing testingย to determine if your systems areย susceptibleย toย the most commonย forms ofย ransomware? Do you have anย incident response planย and are you testing it with annual tabletop exercises?ย If you needed to payย a ransom in Bitcoin, do you know how toย get it?ย Youโ€™ll never be able to predict the type of breach thatโ€™ll hit, but you can predict howย yourย organizationย willย respond.ย By proactivelyย reviewingย your environment, mapping what data livesย on site, in your cloud, and onย third-party systems, reviewing your policies with a critical eye, and thenย leading you throughย a scenarioย to seeย how you would respond to aย likely attack, Agio can improve your reaction to a breachย and minimizeย theย damage.
  1. Enable Cyber Operations:ย If your company wasย attacked by ransomware, how long would it take you toย find out? Do you have robust extended detection and response (XDR) capabilities in place to alert you to the first indication of compromise?ย How do you know you have not already been breachedย by an attacker biding their timeย and monitoring yourย data?ย If thereโ€™s one thing you should do for yourself, itโ€™s making sure you have aย complete XDR serviceย that worksย thatย is being monitored by aย well-trained team orย partner. When you have an incident, youโ€™ll be glad theyโ€™ve seen theseย issuesย before and haveย the talentย and toolsย to respond immediately.
See also  A Guide for Alternative Investment COOs: Whatโ€™s the Difference Between Managed IT, Cybersecurity Operations, and Cyber Governance?
laptop
  1. Control your vendors.ย Vulnerabilities introduced byย third-party vendorsย account for about two-thirds of all data breaches.ย What would be the impact if your vendors and third-party partners were attacked by ransomware and shutdown for an extended period? Do you know if they are taking proper measure to guard against ransomware?ย When you partner with a third party, itโ€™s essential to evaluate how access and the platforms they use can create a pathway for bad actors to wreak havoc on your systemsย or data.
  1. Ensure compliance.ย The recentย Executive Order and pending federal legislationย may require organizations to quickly report breaches. Are you prepared to do so? Are you meeting otherย state and internationalย privacy and cybersecurity compliance requirements?ย As policies change, Agio can help youย establish aย customizedย governance framework thatย ensures a strong cybersecurity postureย and stands up toย regulatorsย when they comeย knocking.

Learn More