Help Net Security reported yesterday that ASCO Industries, an aerospace manufacturing company, was impacted by a ransomware infection severe enough for them to suspend their manufacturing operations around the globe.
It continues to amaze me how effective ransomware is at grinding a business operations to a halt. Ransomware isn’t new by any means; however, organizations don’t seem to be taking the threat seriously. Employees remain extremely vulnerable to phishing tactics that often let malware into the network, however IT departments should be more prepared for this sort of outbreak than they seem to be. Ransomware should be curable with a quick restore of infected systems, and then you’re back online. Users workstations? Re-image and call it a day.
The blame here does fall on the IT organization themselves for being ill-prepared. I don’t pretend to be knowledgeable about the ins-and-outs of ASCO Industries’ IT environment, but today’s hyper-connected world demands that IT professionals rise to the call of taking reasonable measures to protect their environment. We’re not talking about anything crazy, just common protective measures such as:
- Backups of all servers to meet RTO/RPO as determined by business needs.
- Endpoint protection – a reputable antivirus and intrusion prevention solution. It won’t catch everything but it is still an absolute necessity.
- A segregated network. In this specific example it seems logical that the manufacturing network should be separate and more locked-down than other client networks – so why was the production line impacted?
- An incident response plan: so a workstation does get infected, what do we do? This doesn’t have to be rocket science, it might be as simple as disconnect from the network until the station is re-imaged.
- Security awareness training. This is no longer optional – staff need to be trained on threats such as phishing, social engineering, and basic information security concepts.
The biggest problem that I’ve seen is lack of urgency on the IT organization’s part to accomplish these bare minimums. It may also be influenced by insufficient understanding (and maybe lack of proper budget allocation) from the C-level executives in the organization. One thing I’m sure of is that the folks at ASCO Industries are re-evaluating those priorities right now.