What IT security teams can learn from the Colonial Pipeline ransomware attack | SC Media

August 30, 2021
Joseph Blount, Jr., president and CEO of Colonial Pipeline, testifies before the Senate Homeland Security and Governmental Affairs Committee on June 8, 2021. Today’s columnist, John Shier of Sophos, offers eight tips for security teams in the wake of the Colonial Pipeline case and other such attacks. (Photo by Andrew Caballero-Reynolds-Pool/Getty Images)
  • Prioritize security.
  • Educate the staff – and use password managers.
  • Focus on detection, not just prevention.
  • Make every effort not to pay the ransom.
  • Prioritize security so that everyone in the organization understands their role in maintaining a secure organization.
  • Give the security team the authority and a reasonable budget to achieve its goals.
  • Employ “secure by default” modes for all deployments and operations.
  • Ensure that the company has visibility into every facet of the organization so that it can spot problems before they become full-blown emergencies.
  • Plan for when the company needs to recover from a serious malware attack. Not only will it make the organization more resilient, it will also shorten the time and lower the cost of recovery.
  • Participate in the security community by sharing the company’s successes and failures. The company benefits, and it will also help others along the way.
  • If the company gets victimized, focus on recovery and remediation rather than enriching cybercriminals.
  • Don’t hesitate to ask for help before the company needs it.