As I wrote last week, the Colonial Pipeline situation hit Florida hard.
Cannot think of a time when almost every gas station in town was dry; I was a little young during the 70’s fuel crisis.
When chatting with a guy at the pump last week (at 6:30 a.m.), he told me it reminded him of that.
The fuel supply appears to be (almost) back to normal, so what is next for our state and nation? Are we going to sit back and wait for the next ransomware disaster or are we finally going to change the way we think about tech, email, cyber-security, and work?
At some point, a shift in perspective must happen for you and your organization, you must see email not as a casual communication tool, but as a threat delivery system.
We have been putting our contact info out there for so long and hackers have been taking advantage of that for years.
The entire social network we have created around us makes us even more likely to click on a dangerous email. A hacker can take 10 minutes on your LinkedIn and Twitter page, rip an email off your website, either your email address or one of your colleagues’. They send something that looks believable but is actually loaded with malware.
Whether it is a fake iTunes message, CareerBuilder update, Microsoft communication, Netflix account suspended email (people click on that one almost all the time — we must have our Flix), etc.
On our Biz & Tech Podcast earlier this year, Capital City Consulting lobbyist Nick Iarossi said it best: He “does not click anything.”
You can watch Lobbying and Life with Nick Iarossi on YouTube.
THIS is the only way to be safe, if you are not expecting an email from Tom with the Department of Transportation, guess what, do not click the link or attachment in his email.
If you see an Excel doc in an email from someone you know, text them and verify it is legit.
It’s time to be suspicious. Trust no one. Fox Mulder’s comments are on point in regard to cybersecurity.
What is next in the cyberwar for you?
I recommend every individual who has not done so should, for starters: Roll out cyber-training, redundant backups, a password audit (still using the same one for various sites, fail), cyber-insurance, two-factor authentication, advanced cyber tools, and a phishing simulation.
What’s next for Colonial after a national fiasco where they paid a $5 million ransom?
I follow a job board for government and other posts; it appears Colonial’s follow-up is to hire a cybersecurity manager. Good work folks, that’s a solid next step; we assume the former CSM is doing other things now or Colonial is identifying this as a position they now need.
I’d love to be a fly on the wall to see who clicked on what to get this started.
Just like the intern at SolarWinds who was blamed for that national catastrophe with the SolarWinds123 password they were using.
If you have not had the full debrief on that story it’s worth a read, as anyone on your team can bring you down.
Interested? Colonial posted the job opening online.
And what about the Russians?
Next, Russian hackers will continue to launch these attacks, especially now after a multimillion-dollar ransom payday. The Russian government will continue to deny knowledge of any of it, just like with the SolarWinds attack.
Next up for the feds?
Looks like President Joe Biden signed an executive order immediately following the incident. You can read the details: Biden signs executive order to strengthen cybersecurity after the Colonial Pipeline hack (cnbc.com).
One item he is pushing is a mandate in deploying two-factor authentication (solid idea) at the federal level by a certain unspecified time, as well as establishing a cyber-safety review board to assist organizations after an incident.
Having them knock on the door sounds like a real treat, I can almost smell the red tape from here.
Anyway, the bottom line is this situation has provoked a national response; that’s a good thing.
Next up for me?
I think I am going to write about something non-cyber-crime next week, as the world needs something positive.
Maybe I will write about that rumored ABBA reunion that’s still in the works or a deep dive into the next Star Wars projects. Who knows?
But in the meantime, I will prepare for another birthday next month (not my 21st, or 30th for that matter) and pop a cold IPA this evening to watch some Florida Gators baseball against No. 1 Arkansas.
Blake Dowling is CEO of Aegis Business Technologies. He can be reached at [email protected].