CyberSecurity SEE

Key Takeaways from Ransomware Attack: Action, Not Overthinking

The aftermath of a ransomware attack can be devastating for any organization. Bridgestone Americas’ CISO Tom Corridon has emphasized the importance of having a clear-cut line of action at the executive level to handle such crises. In a recent interview at Accenture’s third annual virtual OT cybersecurity summit, Corridon stated that designating key decision-makers before an attack happens is crucial.

The February 2022 ransomware attack on Bridgestone forced the tire giant to shut down its networks at manufacturing and retreading facilities in North America and Latin America for several days. The well-known ransomware group LockBit 2.0 later claimed credit for the attack and announced plans to publicly leak data accessed from Bridgestone’s systems if the company did not comply with the group’s ransom demand.

Bridgestone later disclosed that the cyberattackers had accessed business records as well as files containing Social Security numbers, bank information, and other sensitive data on some of its customers. The attack was one of several last year that affected operational technology (OT) networks at industrial and manufacturing companies in the US and elsewhere. A second-quarter 2022 analysis of ransomware attacks from Dragos showed most attacks (68%) on industrial organizations targeted the manufacturing sector.

Corridon argues that organizations that run tabletop exercises for their technical teams also need a parallel scenario-based exercise that involves key executives and decision-makers. Just as incident management processes have two threads, one technical and one for executives, so, too, should tabletop exercises.

The executives in charge of making critical decisions during a ransomware attack need to be comfortable making them without a lot of data. Corridon noted that they need to be prepared to make decisions in the moment, which are going to feel like gut or rash decisions. Waiting too long to analyze decisions gives the threat actor more time to go further into the environment and do more damage.

One silver lining with major security events is the heightened awareness and willingness to change that they can foster. In the year since the Bridgestone attack, the company has implemented security changes that would otherwise have taken years to convince executives of, push through, and enable. The heightened awareness and understanding often mean that executives are more prepared to give security teams the money and resources they need to implement a stronger security posture moving forward.

In much the same way that OT environments emphasize physical safety precautions, organizations need to make cybersecurity a part of the daily routine for employees. Cybersecurity should be a relevant and top-of-mind topic for employees. One way to begin getting stakeholders to think differently about cyber resilience is to stop describing breaches and attacks as security incidents. That reframing can go a long way.

According to Corridon, “Never Let a Good Crisis Go to Waste.” Similar change can be harder to achieve in the lower echelons, where concerns over everyday jobs and goals can quickly relegate security concerns to the back burner once an immediate crisis has passed. Therefore, it’s essential to keep cybersecurity a relevant and top-of-mind topic for employees.

The first step towards cybersecurity resilience is recognizing that a ransomware attack is a criminal act against the organization. This reframing of thought can go a long way in building a stronger security posture. Above all, organizations must have a clear-cut line of action at the executive level for handling a ransomware attack.

The Bridgestone attack serves as a reminder that even the largest companies with robust IT security can fall victim to a ransomware attack. Therefore, it is imperative that organizations prioritize cybersecurity and take immediate action to prevent, detect, and respond to cyber threats.
