The Colonial Pipeline ransomware attack in May 2021 had the most far-reaching impact of any ransomware attack to date, causing a shutdown of one of the United States' largest pipelines and resulting in gas shortages and nationwide panic. Shortly after the attack, President Joe Biden signed an Executive Order aimed at strengthening the government's cyber defenses. While that's a big step in the right direction, it will continue to be up to businesses and other organizations to ensure they have the proper processes, tools and people in place to reduce the likelihood of successful attacks, and to be prepared to detect, respond, and recover if one does succeed. To help you get started, we've listed eight crucial lessons learned from the latest cybersecurity attack to hit the headlines.

  1. Know your risks. When was the last time you conducted a Security Risk Assessment? These critical assessments review your organization's information security controls from a technical, procedural, and policy standpoint to identify gaps against cybersecurity best practices and prioritize remediation efforts based on level of risk. According to news reports, Colonial Pipeline had performed some form of risk assessment over a year before the successful attack in May. If you can't remember the last time you performed one, you're likely due for another.
  2. Manage your risks. Performing a Security Risk Assessment is the first step, but following up on your findings and closing any gaps is critical when it comes to protecting critical data and systems. According to reports, Colonial Pipeline had been aware for over a year of an assessment of its cybersecurity controls that identified "glaring" problems and "poorly connected and secured systems." Are you actively managing your risks and determining corrective actions? The most secure organizations review their corrective action plan regularly in monthly cybersecurity governance meetings focused on the best strategy to manage that risk.
  3. Assemble your people. Colonial Pipeline posted a job opening for a cybersecurity manager position weeks before the attack. Do you have the right cybersecurity team in place to plan a strategy of cyber resilience and also to carry it out? Is your board or executive leadership discussing cybersecurity risks regularly? Are top-level risks being addressed quickly? If you answered "no" to any of these questions, you might want to consider opening key cybersecurity positions at the executive and technical levels, or partnering with a provider who can ensure your organization has the proper cybersecurity processes in place.
  4. Patch regularly. It is very likely that the attackers against Colonial Pipeline exploited long-known vulnerabilities to gain a foothold and infiltrate its systems. Attacks against unpatched systems are incredibly common and will have a tremendous negative impact if not properly managed. Are you regularly patching security vulnerabilities in your operating systems and software? Do you have unpatched critical or high vulnerabilities that have been known for over 90 days? Patching is the best way to protect individual systems from well-known threats.
  5. Prepare for the unplanned. Are you prepared to respond to a ransomware attack? How do you know? Are you performing testing to determine whether your systems are susceptible to the most common forms of ransomware? Do you have an incident response plan, and are you testing it with annual tabletop exercises? If you needed to pay a ransom in Bitcoin, do you know how to get it? You'll never be able to predict the type of breach that will hit, but you can predict how your organization will respond. By proactively reviewing your environment, mapping what data lives on site, in your cloud, and on third-party systems, reviewing your policies with a critical eye, and then leading you through a scenario to see how you would respond to a likely attack, Agio can improve your reaction to a breach and minimize the damage.
  6. Enable cyber operations. If your company were attacked by ransomware, how long would it take you to find out? Do you have robust extended detection and response (XDR) capabilities in place to alert you to the first indication of compromise? How do you know you have not already been breached by an attacker biding their time and monitoring your data? If there's one thing you should do for yourself, it's making sure you have a complete, working XDR service that is monitored by a well-trained team or partner. When you have an incident, you'll be glad they've seen these issues before and have the talent and tools to respond immediately.
  7. Control your vendors. Vulnerabilities introduced by third-party vendors account for about two-thirds of all data breaches. What would be the impact if your vendors and third-party partners were attacked by ransomware and shut down for an extended period? Do you know whether they are taking proper measures to guard against ransomware? When you partner with a third party, it's essential to evaluate how their access and the platforms they use can create a pathway for bad actors to wreak havoc on your systems or data.
  8. Ensure compliance. The recent Executive Order and pending federal legislation may require organizations to report breaches quickly. Are you prepared to do so? Are you meeting other state and international privacy and cybersecurity compliance requirements? As policies change, Agio can help you establish a customized governance framework that ensures a strong cybersecurity posture and stands up to regulators when they come knocking.