No company is secure from breaches. The Colonial Pipeline incident proved it yet another time. Experts are yet to find out how the leak happened, and CEO Joseph Blunt had to explain why he paid the ransom. You do not want to face this debacle ever. In this article at CIO Insight, Drew Robb shares the CIO lessons you must learn from the Colonial Pipeline attack.
Lessons from Colonial Pipeline Attack
Training to Prevent Phishing
One single click on a malicious link, and the entire company’s data is at stake. Employees are mostly targeted for this kind of phishing attack. The solution is to train them as frequently as possible to detect social engineering plots in a seemingly innocent sales email.
Backups for Attacks
Ransomware attackers gain ground when they withhold your sensitive data. So, always have backups of confidential information to prevent being caught off-guard. Additionally, scan your backup data to check for malware.
Building Air Gaps
If all your backups are online, ransomware criminals can get hold of that as well. So, leverage air gaps by keeping such sensitive data offline. Then, archive them with modern tapes that stay offline until you need to retrieve some data from them.
Not Paying Hackers
FBI recommends not paying ransoms to hackers. Some of these cybercriminals expose your data even after you pay the desired amount. So, instead of keeping aside a ransom budget, beef up your security and data infrastructure.
Cybercriminals are making use of hyper-connected networks in your organization. For instance, they infiltrate from a fintech gateway into your accountant’s system and reach the IT department’s systems. Perform corporate segmentation so that you can let go of the infected networks and save the rest.
Establishing Zero-Trust Model
Your trust in employees or the board of directors has nothing to do with their accessing sensitive information. One of the CIO lessons is to utilize the zero-trust model for everyone. All must go through the authentication process, even the frequent users in your administration team.
Careful Digital Transformation
Digital transformation will help you monitor and control your organization from anywhere. Guess what? It will also help cybercriminals to reach every corner of your company network. While migrating to newer technologies is necessary, one of the CIO lessons is also to pay attention to multi-factor authentication and data encryption.
Patching the Loopholes
Update the firewall patches on time because unaddressed updates can leave loopholes for the hackers. In addition, automate patch management so that your IT department does not have to send employees and stakeholders multiple reminders about updates.
To view the original article in full, visit the following link: https://www.cioinsight.com/security/cio-lessons-from-colonial-hack/
The post CIO Lessons from the Colonial Pipeline Data Breach appeared first on AITS CAI’s Accelerating IT Success.