It's Time to Break the Glass on Cybersecurity Urgency

The enemy is inside the gates.

Emil Sayegh
Jul 5, 2021
Hacker 868385550 6000x4154

If it seems that cybersecurity attacks are on the rise, you are not mistaken. When this year is in the books, every industry report will show how the frequency of attacks escalated exponentially again while the cost of attacks became higher than ever before.

We are only half-way through 2021, and with the Colonial Pipeline attack, we already witnessed one of the costliest cyber-attacks ever. The cycle for major cyber incidents has now become a matter of days – not weeks – as we witness continued major ransomware attacks, data loss, major breaches, as well as intelligence and industry warnings. If there was ever a time to get serious about cybersecurity, that time is now.

The Enemy is Inside the Gates

On May 7, 2021, Colonial Pipeline, an American oil pipeline that carries gasoline and jet fuel to the Southeastern United States, suffered a ransomware cyberattack that impacted the essential equipment managing the pipeline. The impact was so severe that it led to emergency declarations from the President of The United States, as well as the Governor of Georgia.

While the Colonial Pipeline hack has been well documented in terms of multi-billion dollar impact to the economy of the U.S., consider the recent major Microsoft Exchange platform vulnerability that has been cycling in the news as well. The industry struggled with remediation on this issue because tens of thousands of customers use this software suite and the platform was specifically targeted due to its wide base of usage.

Known to the industry as the “HAFNIUM” incident, the name comes from a state sponsored cyber espionage group out of China that has been profiled as the actors behind the vulnerability. Once infected, affected servers allowed remote code execution and untrusted network activity, even after some of the existing patch updates.

And just a few short months ago, the SolarWinds supply-chain software attack shocked many throughout the industry. Once again, the scale of impact was thrust upon thousands of companies. With each passing day, the threat is becoming more real than ever before.

“The pandemic, and its resulting changes to the business world, accelerated digitalization of business processes, endpoint mobility and the expansion of cloud computing in most organizations, revealing legacy thinking and technologies,” according to Peter Firstbrook from Gartner. Old technologies and antiquated processes are definitely to blame. But also far too often, we witness the adoption of principles where ransomware victims “just pay up.”

As much as one-third of businesses in 2021 that reported a ransomware attack decided to pay the ransom. Paying ransom demands encourages more hackers and the statistics show that not only do hackers come back to attack businesses that paid, less than 10 percent of the data that is paid out is ever completely recovered. Paying for crime doesn’t pay off and it is a glaring example of poor preparedness and lack of strategy. Cybersecurity incidents are creating a bigger impact on the economy than many people have realized as evidenced in the recent ransomware attack on the Colonial Pipeline which shut down the Eastern seaboard of the U.S.

Good Practices Needed

There are, however, positive steps that can be done immediately. The first elementary step is to do some widespread cleanup. Get rid of all instances of default passwords, all of those passwords you “think” cannot be changed and all of those strange devices and components that do not have any passwords in place. Even if it’s on your private network, everything can be a vector and hackers know it.

Enterprises need to support greater cybersecurity urgency now, review security planning and embrace the leading principles of comprehensive cybersecurity. Ultimately, the price to be paid is unwavering diligence and a hyper-focus on better comprehensive security starting with protecting “the castle,” recovering from a breach and then assurance that future attacks cannot be detrimental.

You can protect your assets and organization by following and looking for solutions that focus on:

  • Vulnerability identification & scanning.
  • Data encryption.
  • Firewall services.
  • Security patching.
  • Malware detection.
  • SOC Threat Monitoring.
  • Zero Day Threat mitigation.
  • Training & education.

You can plan for a recovery from a breach by implementing strategies for:

  • Disaster and data recovery.
  • Routine back-ups.
  • Threat hunting & removal.
  • Cyber-liability insurance.
  • Virtual desktops deployment plan.

You also need to have assurances that your infrastructure is truly protected by routinely conducting:security and compliance assessments, audits and aggregation, as well as threat and response logging and analysis, and comprehensive environmental reviews.

Only when we take the trinity of protection, recovery and assurance seriously will we be able to substantially reduce risks and beat the bad actors. Based on the continual cycle of breaches continuing to emerge, organizations need to push the pedal on evaluation, assessment, monitoring and contingency planning, and shift their mindset to always assume a breach is underway.

Not only should organization break the glass and get their security playbook in full swing, but also break the kitty bank to fund it.


Emil Sayegh is the current CEO of Ntirety,

Latest in Technology & Software
Security Breach Podcast
Sponsored
Security Breach Podcast
April 3, 2024
Screen Shot 2024 04 15 At 2 11 30 Pm
SourceDay, Infor Announce Strategic Partnership
April 15, 2024
I Stock 1353977365
The Role CRM Can Play in Getting New Hires Up to Speed, Faster
April 15, 2024
Container Ship At Port And Cargo Plane 000071988275 Large
Protecting Ships from Cyber Terrorism
April 10, 2024
Related Stories
Screen Shot 2024 04 15 At 2 11 30 Pm
Technology & Software
SourceDay, Infor Announce Strategic Partnership
Screen Shot 2024 04 08 At 3 21 25 Pm
Technology & Software
Midway Industrial Supply Updates ERP Software
AJ Strandquist, CEO of Würth Additive Group, at AMUG Expo during the DIS Global demo, Chicago, March 2024.
Technology & Software
Würth’s Additive Group Launches Inventory Management Platform
Distribution Business Management
Sponsor Content
Distribution Business Management
More in Technology & Software
Distribution Business Management
Sponsored
Distribution Business Management
Acumatica looks to offer new solutions.
April 17, 2024
Screen Shot 2024 04 15 At 2 11 30 Pm
Technology & Software
SourceDay, Infor Announce Strategic Partnership
The companies said the collaboration will allow customers to manage direct material POs from creation to receipt.
April 15, 2024
I Stock 1353977365
Sales
The Role CRM Can Play in Getting New Hires Up to Speed, Faster
It can take months for even experienced hires to become proficient enough to make effective sales calls.
April 15, 2024
Container Ship At Port And Cargo Plane 000071988275 Large
Technology & Software
Protecting Ships from Cyber Terrorism
Cargo ships feature a number of connected operational technologies - making them vulnerable to cyberattacks.
April 10, 2024
Screen Shot 2024 04 08 At 3 21 25 Pm
Technology & Software
Midway Industrial Supply Updates ERP Software
The new system created "significant new efficiencies" for the distributor.
April 8, 2024
People Cyber Metamorworks
Technology & Software
The Weakest Link in Manufacturing Cybersecurity
An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain.
April 4, 2024
Ep87tn
Video
Security Breach: Hackers Learn How to Attack You, From You
It's not always about the ransom, data theft or denial of service.
April 3, 2024
Ep85tn
Technology & Software
Security Breach: Avoiding a 'Chicken Little' Cybersecurity Strategy
Threat intelligence is important, but why manufacturers should focus on risk factors first.
March 21, 2024
AJ Strandquist, CEO of Würth Additive Group, at AMUG Expo during the DIS Global demo, Chicago, March 2024.
Technology & Software
Würth’s Additive Group Launches Inventory Management Platform
The company says the service can provide parts across the globe in a matter of minutes.
March 19, 2024
Mfg Data
Technology & Software
Oracle Release Focuses on Smarter, More Efficient Operations
The company recently unveiled Smart Operations capabilities in Oracle Cloud SCM.
March 15, 2024
Generative Ai
Technology & Software
Oracle Adds New Generative AI Capabilities to Cloud Applications Suite
These new capabilities could help streamline responsibilities, not people, throughout the enterprise.
March 15, 2024
General Cyberattack
Technology & Software
The Biggest Cyber Threats Facing Logistics
New challenges have been met with new solutions and strategies.
March 14, 2024
Computer Crime Concept 516607038 2125x1416 (1)
Technology & Software
Inside the Schneider Electric Ransomware Attack
Takeaways from a double-extortion campaign that targeted one of the sector's largest OT suppliers.
March 14, 2024
Io T
Technology & Software
Analyzing the Growing Number of IIoT Device Hacks
Breaking down these vulnerabilities will be key to prioritizing and optimizing security.
March 14, 2024
From left, ABB's Marc Segura, John Bubnikovich and Sami Atiya cut the ribbon on ABB Robotics' renovated facility, Auburn Hills, Mich., March 13, 2024.
Technology & Software
ABB Opens Revamped Robotics Headquarters
The company invested $20 million in the suburban Detroit campus.
March 13, 2024