Colonial certainly isn’t alone in this regard. Many companies look to close digital doors after attackers have walked in and made themselves comfortable; the critical nature of Colonial’s operations, however, thrust its response into the public eye.
Uniting InfoSec Efforts Within an Organization
For Brewer, it’s not all bad news. “Thanks to the attack, Colonial Pipeline is like a household term now. Not everyone will understand the ins and outs, but people have general awareness.” Brewer hopes that this awareness will spur action to unite InfoSec efforts across corporate silos, and suggests three strategies to help improve incident response efforts.
- Train like you fight, fight like you train. Cyberattacks are stressful, but regular and rigorous training helps teams respond quickly and effectively to threats. “Instead of having a reactionary posture,” says Brewer, “have a preventative posture. Use techniques such as penetration tests and tabletop exercises. Run through these scenarios to prevent overreaction.”
- Get the right people in the room. Brewer puts it simply: “You have to talk about everything that could happen. You need to consider all different scenarios.” This means getting the right people in the room — from security experts to operations managers and frontline IT staff — to evaluate what’s happening and create a triage strategy. For Brewer, taking even 30 or 45 minutes for this discussion can help improve defensive posture and limit overall damage.
- Create a cybersecurity culture. For Brewer, cybersecurity is inherently human. “We’re trying to change human behavior,” he says. “People are going to open emails and click links. That’s what they were designed to do. It’s all about psychology. Everyone is a vector. How do we make sure we’re training people to understand that and protect the company?” A consistent cybersecurity culture is critical to achieving this goal.
The Colonial Pipeline attack makes it clear: Current cybersecurity practices aren’t keeping pace with attacker efforts. To help reduce the risk of operational disruption and costly bitcoin payouts, security leaders need IT strategies that deliver defense in depth and help cultivate a culture of proactive protection.