In the wake of the Colonial Pipeline ransomware attack, we’ve decided it is a good time to revisit creating a solid cybersecurity strategy for your business. We see high-profile hacks as a learning opportunity. This is a good time to assess your cybersecurity strategy and see what you could be doing better.
On Friday, May 7, the Colonial Pipeline, one of the U.S.’ most important pipelines that on a regular day carries 2.5 million barrels per day or 45 percent of the East Coast’s supply of diesel, petrol, heating oil and jet fuel from refineries in Texas and the Gulf Coast to the Northeast had their information technology systems disrupted by hackers. The hack is considered one of the most disruptive ransomware schemes with massive fuel disruptions across the northeast.
This incident should not be a surprise or a “wake-up call.” We’ve known for a long time that hackers regularly use phishing attacks and ransomware to exploit business’ weak cybersecurity for their own gain. Based on lessons learned from the most recent high-profile cyber attack, here are 4 steps your business can take to develop a resilient cybersecurity strategy:
- Understand your cyber threat landscape
In order to understand the threat landscape, you must examine the types of threats your organization faces today. Ransomware attacks like the one that hit the Colonial Pipeline often start with a phishing email. The current threat landscape calls for extra caution and a heavy dose of security awareness training and phishing training and testing for all your users on a regular basis.
- Assess your cyber program
Once you understand the threat landscape, it is time to take a deep dive into your current cybersecurity program. The assessment should include your technology, your people and your policies. Once you get a big-picture overview of your current cybersecurity program, you can determine what is needed to best address the current threat landscape. Be prepared to reassess as times change. We suggest using a third-party technical partner to provide an objective view of your current cybersecurity status.
- Identify cybersecurity gaps
The assessment helps identify gaps in your cybersecurity program. Once you know what you’ve got, it is time to find out what you need. Determine what is needed to fill the gaps and meet your cybersecurity objectives. Remember to address more than just technology solutions — people also play an essential role in your human cybersecurity shield, your true first-line of defense against ransomware.
- Document everything
Thoroughly documenting your cybersecurity strategy includes written cybersecurity assessment reports, cybersecurity plans, policies, guidelines, procedures and employees responsibilities when it comes to cybersecurity. Make sure these plan are clearly communicated and accessible to all employees.
It is important to understand that your cybersecurity strategy should be ever evolving — just as the cyberthreat landscape is constantly evolving. Security should NEVER be stagnant. Another important point to mention about cybersecurity — you can’t do it alone. You need experts who know how to deploy and mange cybersecurity solutions using best practices to protect your systems. You also need experts to monitor your systems 24/7 for suspicious activity.
ACE IT Solutions is honored to be recognized as one of the top managed cybersecurity service providers in the world. Our entire team has worked very hard to provide white-glove customer service and build best-in-class strategic cybersecurity technology that delivers value to all our clients — including cybersecurity awareness training and phishing education and testing for all your employees.
Interested in working with a world-class MSP? Contact ACE IT Solutions at 646.558.5575 or firstname.lastname@example.org to start a conversation.