Issue in Brief: Late last week, a cyber-extortion event forced the shutdown of a company vital to the energy sector. A criminal gang paralyzed the company's internal networks and demanded a large ransom to release the systems.
Response in Brief: Cyber threats like these are increasing in both quantity and quality. Companies in all industries should assess their compliance and security programs, incident response plans, and business continuity plans to appropriately identify and address risks.
On the Horizon: The U.S. Department of Justice has formed a task force to curtail the proliferation of ransomware cyberattacks, the Department of Energy is developing a national cybersecurity strategy, and President Biden is expected to announce an executive order on new cybersecurity standards with the goal of creating new, broader cybersecurity standards for companies that conduct business with the government.
The Latest Victim of the Ransomware Wave:
Over the last year and a half, businesses across the industrial and manufacturing sectors have seen a marked increase in ransomware attacks on key infrastructure and operations. These attacks are growing increasingly brazen and sophisticated as cybercriminals take aim at some of the nation's largest and most crucial businesses.
The recent attack carried out by cybercriminals involved a ransomware attack on an established company and a pillar of the nation's energy industry. The cybercriminals (believed to be the Eastern European criminal ring, DarkSide) reportedly circumvented the company's security measures and managed to compromise its internal networks.
The attack prompted the company to temporarily suspend operations to contain the breach, disrupting critical fuel supplies.
The Latest but Not the Last:
Unfortunately, this latest attack is by no means unique. Cyber criminals have engaged in ransomware attacks for years—compromising and disabling systems, both informational and operational, and demanding payment before returning control to the victim. Now, cyber criminals have begun targeting the industrial and manufacturing sectors. These criminal groups are betting that businesses operating in these sectors are generally more willing to pay large ransoms to regain control of their systems. The potential downtime caused by a ransomware attack not only costs the affected company massive amounts of money but can leave large swaths of the population without essential services until the breach is resolved.
To further compound the problem, criminals unfortunately do not need sophisticated technology or extensive resources to carry out such attacks. Many firewalls and virtual private networks used by businesses, even those with vast resources and security teams, still contain vulnerabilities that groups like DarkSide are all too willing and able to exploit.
Changes on the Horizon:
Recently, the U.S. Department of Justice announced the formation of a task force to curtail the proliferation of ransomware cyberattacks in a bid to make the extortion schemes less lucrative by targeting the entire digital ecosystem that supports them. In addition, the U.S. Department of Energy is working to implement a national cybersecurity strategy, and has so far focused its efforts on the nation's transmission and generation assets.
President Biden is also expected to soon announce an executive order on new cybersecurity standards that will govern companies that conduct business with the government. The goal is to use the federal contracting process to create new, broader cybersecurity standards.
Preparedness is Key and Other Practical Advice:
Despite best efforts, no company is immune to cyberattacks. Security preparedness is key, though, to a successful response to these attacks, and-with that-a flexible framework to adjust to changing threats. Ensure that your team remains abreast of ever-evolving cyber threats, and proactively address those threats through technical, organization, or administrative safeguards specific to your business.
Equally important is a quick yet defensible response with the right incident response team (both internal and external) in place, which can shorten the time to resume your business after an attack, recover lost or compromised data, and prepare necessary disclosures. This kind of response does not happen in the heat of an attack. You achieve this by proactively developing an incident response plan, developing a dedicated incident response team, and routinely training the team on the plan. Do not allow your plan to collect dust—revisit and revise it often to ensure up-to-date preparedness.
Finally, ensure that your business continuity plan is up to date. Though a business continuity plan will not prevent a ransomware attack, it can support your remediation and recovery efforts to get your business up and running as soon as possible.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.