Crisis Management Lessons to Learn from the Colonial Pipeline Incident

security breach

Cybercrime has become increasingly rampant over the years, with gangs and independent hackers becoming bolder and more advanced. In fact, there’s this unspoken sense of dread that anyone, be it an ordinary citizen or big corporation, can be a victim anytime soon. And even if more robust measures are put in place to prevent attacks, cybercriminals find ways to prove they’re always one step ahead.

But it’s flawed and defeatist to think that cybercriminals are more innovative than governments and businesses. A more accurate assessment is that we are yet to truly internalize cybercrime as a significant threat. It only becomes real and tangible once you’ve taken a hit, your operations are suddenly put to a halt, and your profit margins take a nosedive. Such is the case of Colonial Pipeline, the largest pipeline for refined oil in the US, whose operations shut down after taking a hit from ransomware gang DarkSide. This attack incited panic in the East Coast and southern states and pushed petrol prices up.

In 2018, there have been 812.67 malware infections in the world. Following the pandemic, it increased by 600 percent. Among many kinds of attacks, ransomware proves to be the most damaging to businesses and people. In fact, 60 percent of small companies close down within six months after being attacked.

For large corporations like Colonial Pipeline, where government and private sector support is plenty, the chance of survival and recovery is high. Soon enough, the company was able to restart its operations. But it has exposed a dangerous truth that even large corporations backed by the government can be easily taken down. This event has left essential lessons for business leaders and cemented cybercrime as perhaps one of the biggest threats to the economy.

Regardless of the size of your business, security is about installing an intruder alarm system or firewall solution. However, it’s also about developing a sound and proactive policy which includes the following measures:

1. Identify key assets and vulnerabilities

The first step to building a cybersecurity policy is determining which of your assets are likely to get breached. Any business that uses a computer system is vulnerable, even more so, businesses that gather or use sensitive information. In addition to assessing your computer systems and network, you should also look for external vulnerabilities. For example, employees who use weak passwords and are free to surf the web from your network could lead to an attack.

2. Develop a protection plan

protection

Once you’ve identified your key assets and their vulnerabilities, you should then implement tools that can inform you if these assets have been breached. You should also have a written plan that outlines how everyone should respond in the event of an attack. It would also be good to have a drill a few times a year so you can assess how your employees respond to attacks and if their behavior changes drill upon drill. If nothing changes, it’s time to rethink your plan and invest in further training.

3. Communicate and train your people

Business assets can be prone to human error and thus make them vulnerable to cyberattacks. It is important to develop and maintain a cybersecurity culture where policies are communicated, monitored, and updated. It’s also crucial to train people from the top down about their role to keep your business assets secure.

4. Take control

Business leaders are often focused on the core components of their business, leaving cybersecurity in the hands of third-party providers and IT departments. But in this day and age, to make informed decisions, business leaders must be in control of their security, and one way they can do that is to stay informed and accountable. In the event of an attack, people look to their leaders for solutions, and stakeholders hold them accountable, so it’s only right for executives to have an in-depth understanding of their cybersecurity culture.

5. Plan for and execute recovery

recovery

More often than not, an organization can still get attacked despite having a robust cybersecurity infrastructure. But having a solid recovery plan gives you the upper hand and an extra line of defense. In some cases, businesses think that the only way to get their system back up is to pay the ransom, but there are other better options to explore. It would be wise to call in the experts and authorities before negotiating with attackers.

Cybercrime is a big threat across all sectors of society, and if institutions and individuals aren’t careful, they could face huge losses. Like with any crisis, it’s better to have a proactive approach than a reactive one.

Share this post on

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on pinterest
Share on tumblr
Scroll to Top