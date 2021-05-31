

In their responses to the recent cyberattacks against SolarWinds and Colonial Pipeline, the two companies, the federal government and others have demonstrated several best practices in crisis management.

Business leaders should keep these examples in mind when dealing with cyberattacks and other crisis situations in their own businesses and organizations.

Best practices

When you see something, say something

In testimony before two congressional committees last February, Brad Smith, president of Microsoft Corporation, credited the cybersecurity company FireEye with informing Microsoft of the SolarWinds attack last November. "They had discovered a breach in their system and requested our support in their internal investigation. In addition to reaching out to share threat intelligence, they took quick and willful critical action, including alerting the federal government to what they had found and disclosing the breach to the public," Smith said.

He told Congress that Microsoft has taken a "detect, notify, correct and inform" approach. Each of these steps is critical to incident response, and in many cases the work required to complete one step overlaps with the others.

Keep people informed

In a blog post on May 27, Microsoft said: "Our teams continued to investigate the latest wave of phishing attacks launched by [Russia-backed hackers] Nobelium. Based on what we know now, the security community should feel good about the collective work being done to limit the damage caused by this wave of attacks. As we have informed our targeted clients and closely monitored other reports, we see no evidence of a significant number of compromised organizations at this time."

In an alert issued by the Cybersecurity and Infrastructure Security Agency, users and administrators were encouraged to review Microsoft's blog post, "New sophisticated email attack from NOBELIUM," and apply the necessary mitigations.

Colonial Pipeline could have done a better job in the early days of its crisis of keeping the public informed of the situation. As I reported in an article on May 9, despite the scale and potential impact of the situation, the statement about the crisis on the company's website had not been updated for almost 30 hours.

Act quickly

According to The Wall Street Journal, the attack on Colonial Pipeline "… was discovered around 5:30 a.m. on May 7 and quickly set off alarms through the company's chain of command, reaching [the CEO] less than half an hour later as he prepared for the day's work." The company stressed that operational systems were not directly affected and that it had disrupted pipeline flows while investigating the depth of the hackers' penetration.

Make the tough decisions

Joseph Blount, CEO of Colonial Pipeline Co., told The Wall Street Journal that he authorized the payment of the $4.4 million ransom because the company's leaders did not know how far the cyberattack had penetrated its systems, and therefore how long it would take to bring the pipeline back.

"I know this is a very controversial decision," Mr. Blount said in his first public remarks since the crippling hack. "I didn't do it lightly. I admit I wasn't comfortable seeing money coming out to people like that."

"But it was the right thing to do for the country," he added.

Do as much as you can

Bryan Hornung is the founder of Xact IT Solutions, a cybersecurity company. He observed that Microsoft appears to have had more of an impact than the US government in its response to the SolarWinds attack.

"While the US government has done what it can in terms of sanctions against the group behind the attack, Microsoft has done more to date. Microsoft has made progress in pursuing lawsuits and obtaining court orders to take down servers and botnets controlled by cybercriminals."

"They also do a good job of keeping their finger on the pulse of the Nobelium hacking group," the hackers behind the SolarWinds-related attacks. He noted that Microsoft was actively monitoring Nobelium's activities and keeping the security community up to date [about] the group's tactics and methodologies.

Get the help you need

According to a report, cybersecurity company FireEye helped Colonial Pipeline investigate and recover from the cyberattack. Ironically, it was FireEye that notified SolarWinds last year that it had been attacked.

Implement reforms

Days after the Colonial Pipeline attack, President Joe Biden signed an executive order to help strengthen the country's cybersecurity. This was followed several days later by an announcement from the Department of Homeland Security that it had issued cybersecurity regulations for all pipeline companies.

Advice to business leaders

Disclose immediately

Hornung of Xact IT Solutions said: "… your network security is a team sport and quick public disclosure is better than keeping things in your own silo. Historically, companies have treated cyber events with secrecy, and it is common for [them] to keep things like ransomware attacks hidden from the public. This is exactly what hackers love and it turns out to be a counterproductive move in hindsight."

Don't be so trusting

Scott Scheferman, principal cyber strategist at hardware and software security company Eclypsium, said: "One of the first things organizations need to do is stop conditioning employees to trust the content of emails just because they trust the sender of the email. For too long, awareness training has prescribed a flawed paradigm for implied trust, telling employees: don't click on something if you don't know who the sender is. People translate this into permission to click on anything that comes from people or organizations that I trust."

According to Scheferman, this "broken edict" is the reason malware evolved to hijack email threads and sender accounts. "If the 2020-2021 supply chain attacks have taught us anything, it's that our basic implicit trust patterns are what the bad guys exploit. In the digital world, trust must be established through explicit verification, not implicit associations."

Assume nothing

Hornung of Xact IT Solutions warned that the tools, hardware and software you purchase from reputable manufacturers may have undiscovered vulnerabilities; this is true of almost any product. "All technologies will have undiscovered vulnerabilities, and this is an aspect of cybersecurity that many people don't yet understand."