Confusion Over Cyber Attack Response

The Washington Post had an eye-opening story on just how bad things are when it comes to responding to cyber attacks. Based on a congressional review by the House Oversight Office of three very major cyber attacks (CNA, Colonial and JBS), we have some insight into why incident response preparation is so important.

#1 – Who should victims call in the government?

If you don’t already have the name and cell phone number of the person you are going to call if you need help, get that now. Establish a relationship and keep it active.

“Colonial was in contact with at least seven federal agencies or offices,” the committee found. “CNA was initially referred to one FBI field office before a different field office was designated as the primary point of contact.”

In the case of JBS, the company emailed the FBI. But it took several hours for a substantive reply, as the email was forwarded between case agents at the same field office who were trying to determine the right point of contact, investigators found. 

#2 – How are you going to handle the hacker’s timeline? The hackers say, for example, that if you don’t pay in 24 hours the ransom doubles, and that in 72 hours they are going to publish your data. Are you ready to handle that? Assume that you don’t have access to email or any company files that are online or maybe even in the cloud.

Hackers with the REvil gang, for example, told JBS their $22.5 million ransom demand would double if it wasn’t paid quickly. They also threatened to post the company’s data publicly if they weren’t paid within three days. Eventually JBS negotiated paying an $11 million ransom. 

Colonial faced a similar threat of a doubled ransom after a set period of time. Hackers with the DarkSide gang amped up the pressure with a clock ticking down in the corner of the company’s computer screens. 

The feds really have to get their act together, but you can’t count on that happening, so you need to take action yourself.

For some critical infrastructure, the feds are starting to collaborate with industry, but that is not going to help most companies.

This comes a day after an FBI law enforcement website was hacked.

There is some good news. Of the new $1 trillion infrastructure bill, about $2 billion, which is less than one percent of that money, is allocated to cybersecurity, assuming it actually gets funded.

In the case of these high-profile attacks, the companies were not prepared. See more information at The Hill.

