One year ago, malicious nation-state actors targeted JBS USA, the world's largest meat supplier and a key part of critical infrastructure. This global corporation processes roughly one-fifth of the nation's meat supply, and overnight its facilities were forced to shut down, severely disrupting the global supply chain. The organization quickly remediated the attack to limit long-term damage to the global food market, but this came at a price: JBS paid the attackers a steep $11 million ransom.
The JBS ransomware attack underscores a critical flaw in our thinking: threats related to the security of our critical infrastructure go beyond high visibility sectors like transportation, oil, and gas – any organization that provides goods or services is at risk.
However, while the likelihood of attack may be growing given an ever-changing attack surface and a heightened threat environment, the tactics malicious actors deploy are not necessarily new. In fact, they are likely using basic techniques to enter corporate networks, remain undetected, identify weak links, and demand whatever ransom will get them paid as quickly as possible.
As we reflect on the JBS ransomware attack, here are some simple ways organizations across all facets of critical infrastructure can better bolster their networks against malicious activity.
For advice on ransomware detection and prevention, read our guide.
1. Proactive: Patch Your Systems
The best way to deter malicious actors from entering corporate systems is to close every potential window for entry, starting with the ones that generate the most risk to your business. With hacking techniques evolving every day, cybercriminals are finding ways to get around even the most complex security features.
Every company, regardless of size or industry, must take a proactive approach to its security measures, harnessing resources like breach and attack simulation or continuous penetration testing to identify, validate, and prioritize vulnerabilities on internal, internet-facing, and cloud-based IT infrastructure. Then, take the necessary steps to patch all vulnerabilities.
While automated tools should play a role in this process, as they ensure 24/7 coverage, businesses must not forget the power of human intellect and experience in the vulnerability management process. To improve critical infrastructure cybersecurity efforts, IT teams must leverage their skilled staff, or partner with a trusted third-party penetration testing firm, to complement their technology solutions and fix vulnerabilities more frequently and strategically. To understand what to look for when choosing a penetration testing company, view our tip sheet.
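The section above says to start with the vulnerabilities that generate the most risk to the business, not simply the highest CVSS score. The following is an added example (not code from the original post or from any tool it mentions) of one way to rank findings for patching: severity is weighted by whether the host is internet-facing and whether a public exploit exists, with a small penalty for findings left open too long. The finding records, their identifiers, and the weights are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Finding:
    """One vulnerability finding from a scan or penetration test (constructed schema)."""
    finding_id: str
    host: str
    cvss: float              # CVSS base score, 0.0 to 10.0
    internet_facing: bool    # reachable from the public internet?
    exploit_available: bool  # is a working public exploit known?
    days_open: int           # how long the finding has been unpatched


def risk_score(f: Finding) -> float:
    """Weight severity by exposure and exploitability; age adds up to +3.0.

    The multipliers (1.5 for internet exposure, 1.3 for a public exploit)
    are assumed values chosen for this example, not an industry standard.
    """
    score = f.cvss
    if f.internet_facing:
        score *= 1.5
    if f.exploit_available:
        score *= 1.3
    # Cap the age penalty at 90 days so a forgotten low-severity finding
    # cannot outrank an actively exploitable one by age alone.
    score += min(f.days_open, 90) / 30.0
    return round(score, 2)


def prioritize(findings: Iterable[Finding]) -> List[Finding]:
    """Return findings ordered from most to least urgent to patch."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed sample findings; ids and hosts are placeholders, not real advisories.
SAMPLE_FINDINGS = [
    Finding("F-1", "vpn-gw-01", cvss=7.5, internet_facing=True, exploit_available=True, days_open=10),
    Finding("F-2", "db-internal-03", cvss=9.8, internet_facing=False, exploit_available=False, days_open=5),
    Finding("F-3", "web-portal-02", cvss=5.3, internet_facing=True, exploit_available=False, days_open=120),
    Finding("F-4", "print-srv-01", cvss=4.0, internet_facing=False, exploit_available=False, days_open=2),
]


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{f.finding_id:4} {f.host:16} cvss={f.cvss:<4} risk={risk_score(f)}")
```

Note that the internal database finding with the highest CVSS (F-2) ranks below an internet-facing host with a public exploit (F-1) and below a medium-severity but long-neglected external finding (F-3); that is the point of prioritizing by exposure rather than by raw score.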
2. Proactive: Use Multi-factor Authentication
To combat the growing threat of critical infrastructure cybersecurity attacks, multi-factor authentication (MFA) methods must become common protocol. MFA requires users to validate their identity in two or more ways to gain access to corporate assets like accounts and resources.
While this may seem like a standard, straightforward practice, authentication remains a challenge for security leaders. There are often restrictions on what IT can and cannot implement as forms of authentication within an organization, and IT is also limited by what users will adopt in a short period of time. When building a strong authentication program, leaders should consider the following:
- Use user behavior analysis to improve your authentication practices. Any time you detect abnormal user behavior, require the user to re-authenticate. Build authentication directly into your application behavior monitoring capabilities.
- Establish policies for safe password storage. Use what works best for your organization. This is the most important step in any authentication strategy.
- Require users to set strong, complex passwords. NIST publishes guidelines on password best practices that users should follow.
- Practice the Principle of Least Privilege to limit access to sensitive information.
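The second and third items above (safe password storage and strong passwords) are the ones most often implemented badly. The following is an added example, not code from the original post, showing one way to do both with only the Python standard library: candidate passwords are screened for minimum length and against a weak-password list before acceptance, and stored credentials are a per-user random salt plus a memory-hard scrypt hash, verified with a constant-time comparison. The blocklist, the scrypt cost parameters, and the record format are assumptions chosen for this example.

```python
import base64
import hashlib
import hmac
import os

# Constructed stand-in for a breached/common-password feed; a real deployment
# would check against a much larger list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 8

# scrypt cost parameters (assumed for this example): N=2^14, r=8 uses 16 MiB
# of memory per hash, which slows offline guessing without hurting logins.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DK_LEN = 2 ** 14, 8, 1, 32


def password_is_acceptable(password: str) -> bool:
    """Screen a candidate password: minimum length and not on the weak list."""
    if len(password) < MIN_LENGTH:
        return False
    if password.lower() in COMMON_PASSWORDS:
        return False
    return True


def hash_password(password: str) -> str:
    """Return a self-describing record: scheme, cost parameters, salt, digest."""
    salt = os.urandom(16)  # fresh random salt per user; never reuse
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DK_LEN)
    return "scrypt$%d$%d$%d$%s$%s" % (
        SCRYPT_N, SCRYPT_R, SCRYPT_P,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored record and compare in constant time."""
    try:
        scheme, n, r, p, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "scrypt":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=int(n), r=int(r), p=int(p), dklen=len(expected))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"
    assert password_is_acceptable(pw)
    record = hash_password(pw)
    print("stored:", record)
    print("verify correct:", verify_password(pw, record))
    print("verify wrong:  ", verify_password("password", record))
```

Storing the cost parameters inside the record lets you raise them later for new passwords while still verifying old ones, and since the salt is random, two users with the same password get different records.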
3. Proactive: Limit Network Access
Not every corporate user requires access to all parts of the network. The more people with access to sensitive information, the greater the exposure risk.
CISA’s Principle of Least Privilege states that “A subject should be given only those privileges needed for it to complete its task,” and “If a specific action requires that a subject’s access rights be augmented, those extra rights should be relinquished immediately upon completion of the action.”
This extra layer of security ensures that, should employees fall victim to a phishing attack, they do not unintentionally hand attackers access to information that could be used to launch a critical infrastructure attack.
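The CISA wording quoted above has two halves: grant only the privileges a task needs, and give back any temporarily added rights as soon as the task is done. The following is an added example, not code from the original post or from CISA, of how an application can enforce both in code: a small in-memory privilege manager that checks every sensitive action against the subject's current rights, grants extra rights only inside a scoped block, and revokes them automatically when the block exits, including when the task fails. The privilege names, subject model, and audit log format are assumptions for this example.

```python
from contextlib import contextmanager
from dataclasses import dataclass, field
from typing import Iterator, List, Set, Tuple


class AccessDenied(PermissionError):
    """Raised when a subject attempts an action it has not been granted."""


@dataclass
class Subject:
    """A user or service account and the privileges it currently holds."""
    name: str
    privileges: Set[str] = field(default_factory=set)


class PrivilegeManager:
    """Checks actions against current rights and records every decision."""

    def __init__(self) -> None:
        # (event, subject, privilege) tuples; constructed audit format.
        self.audit_log: List[Tuple[str, str, str]] = []

    def check(self, subject: Subject, privilege: str) -> None:
        """Allow the action only if the subject holds the privilege right now."""
        if privilege not in subject.privileges:
            self.audit_log.append(("denied", subject.name, privilege))
            raise AccessDenied(f"{subject.name} lacks {privilege}")
        self.audit_log.append(("used", subject.name, privilege))

    @contextmanager
    def elevated(self, subject: Subject, privilege: str) -> Iterator[Subject]:
        """Grant one extra privilege for the duration of the block, then revoke it.

        The finally clause guarantees revocation even if the task raises,
        which is the "relinquished immediately upon completion" half of the rule.
        """
        granted_here = privilege not in subject.privileges
        if granted_here:
            subject.privileges.add(privilege)
            self.audit_log.append(("granted", subject.name, privilege))
        try:
            yield subject
        finally:
            if granted_here:
                subject.privileges.discard(privilege)
                self.audit_log.append(("revoked", subject.name, privilege))


def rotate_api_key(mgr: PrivilegeManager, operator: Subject) -> bool:
    """A task that needs 'secrets:write' only for its own duration."""
    with mgr.elevated(operator, "secrets:write"):
        mgr.check(operator, "secrets:write")
        # ... rotate the key here (omitted) ...
    return "secrets:write" not in operator.privileges


def failing_task(mgr: PrivilegeManager, operator: Subject) -> bool:
    """Shows that a crashing task still gives its temporary right back."""
    try:
        with mgr.elevated(operator, "secrets:write"):
            raise RuntimeError("rotation backend unavailable")
    except RuntimeError:
        pass
    return "secrets:write" not in operator.privileges


if __name__ == "__main__":
    mgr = PrivilegeManager()
    alice = Subject("alice", {"secrets:read"})
    print("right dropped after task:", rotate_api_key(mgr, alice))
    print("right dropped after failure:", failing_task(mgr, alice))
    for entry in mgr.audit_log:
        print(entry)
```

The audit log is what a defender reviews: a "used" without a preceding "granted" means the subject held the right permanently, and a "granted" without a matching "revoked" means a task leaked privilege.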
4. Reactive: Do Not Pay the Ransom
The U.S. government recommends that businesses do not pay ransoms – regardless of the circumstance – as this payment does not actually guarantee that a business will get its data back after the ransom is paid.
Instead of working with the malicious party, organizations should contact law enforcement to get their data back and their systems online. While this may take longer than paying a ransom, it will help deter the hackers from striking again, as they will be left without any monetary gain – which is their primary goal.
Today, all aspects of our critical infrastructure are at risk. The onus is on businesses in priority sectors to establish multi-faceted proactive security strategies that mitigate both potential ransomware attacks and the potential disruption if they do fall victim to an attack.
We must make it as hard as possible for cybercriminals to carry out their plans. If they can’t access critical infrastructure data in the first place, they can’t demand ransom, and our day-to-day society is less likely to be subjected to chaos and disruption.