GrayMatter Earns a Top Award from Leading U.S. Cybersecurity Firm, Tenable
August 25, 2021
Why OT Cyber is More Than Just Downtime: A Look at the Florida Water Cyber Attack
September 25, 2021
Strategize, Don’t Scramble: 6 Ways to Get Ahead of the Next JBS Ransomware Attack
Ransomware attacks are evolving to disrupt entire commodity segments, rather than just individual companies.“Unfortunately, what we’re seeing is entire market segments impacted by a single attack, which could affect the whole economy in the form of fuel shortages or higher prices on meat,” says Scott Christensen, GrayMatter’s Cybersecurity Practice Director.
The latest ransomware attacks on JBS SA, the world’s largest meat processor, and Colonial Pipeline, a major U.S. petroleum pipeline operator, illuminate how cybercriminals compromise sensitive data and force industrial companies to scramble to limit the damage by halting operations.
It doesn’t have to be a scramble, Christensen says.
“Many companies have to shut down all of their OT systems because their network is not segmented on the OT side like it is on the IT side, where these attacks begin,” Christensen said. “That results in a much longer recovery time, weeks or months instead of days, and a much larger cost.”
6 Ways to Get Ahead of a Ransomware Attack
Key to dealing with ransomware is how efficiently industrial companies deal with cyber incidents, which reduces both direct costs and indirect ones, like reputational damage.
For example, Penn State University worked with GrayMatter to segment the operational technology that runs HVAC, lighting, security and other systems in roughly 700 buildings across its campuses.
If one building is impacted by a cybersecurity event, “It’s two clicks to take that building off the network, so I’m only worried about one building, not 700,” Christensen says.
Another client, a major water/wastewater provider, uses deception technology to geofence network traffic from countries in Eastern Europe and Asia where many ransomware attacks originate.
JBS SA reports that its backups weren’t affected, which should reduce the recovery time, Christensen said, but there’s more companies should do in advance to protect themselves.
Government regulations will likely soon catch up to the uptick in ransomware attacks, forcing companies to improve their cybersecurity protections.
On May 27, the U.S. Department of Homeland Security released a directive requiring pipeline operators to report cyber incidents within 12 hours or risk being fined $7,000 per day, submit results of a cybersecurity assessment within the next 30 days and have an on-call cybersecurity coordinator.
“If you’re waiting on government regulations to improve your cyber program, it might end up being too late.”