Bloomberg and other news outlets have reported that Colonial Pipeline paid hackers nearly $5M in ransom, in the wake of the recent ransomware attack on pipeline operations.
The magnitude of the loss Colonial Pipeline actually suffered obviously exceeds the $5M paid once we add lost revenue and all the expenses involved in restoring operations to Colonial's recovery point objectives (RPO).
In light of this attack and others, industrial operators need to ask themselves:
In paying the ransom, Colonial Pipeline has signaled to cybercriminals what its tolerable risk is for a single event.
I call upon companies in all sectors to initiate a process of DATA-DRIVEN risk analysis, establish security assurance levels and tolerable risk, and prioritize their investment in risk mitigation according to their tolerable risk.
Learn more about the Radiflow CIARA platform for continuous risk assessment monitoring in OT/ICS environments.