Back
What If a Ransomware Attack Took Down Your Business Operations – and Could Have Been Prevented?
The Recent Breach at Meat Processor JBS SA Proves the Need for a Business Continuity and Disaster Recovery Plan
The world’s largest meat processor by sales, Brazil-based JBS SA, is recovering from a ransomware attack that hit their IT networks, taking about one-fifth of U.S. beef and pork processing completely offline.
The company was forced to curtail operations in North America, Canada, and Australia, causing ripples in U.S. financial markets and placing even greater strain on a food supply chain already upended by impacts of the COVID-19 pandemic.
While JBS SA works to get back online and restore its operations, meat buyers around the world are scrambling to find new meat suppliers. And there is speculation that even when distribution resumes, the widespread processing plant shutdowns could lead to higher consumer prices, as this attack is one more level of stress on an already-suffering market.
Adding Insult to Injury
Large corporations like JBS SA that are responsible for major supply chain distributions were already hit hard during the COVID-19 pandemic. These meat processing facilities experienced record numbers of infections among workers, causing labor shortages that challenged production during a time of significantly increased demand.
With the world’s economies in varying stages of recovery and labor shortages continuing to impact businesses, a cyberattack can very quickly undo progress and set an organization back significantly in any sort of rehabilitation – whether from COVID-19 or another disaster. However, the implications of ransomware attacks like the one at JBS SA can have far-reaching and long-lasting effects no matter when they occur.
- Impacting daily life for consumers by creating supply bottlenecks or increased prices
- Threatening public health and safety
- Causing economic distress as businesses are unable to access products
- Resulting in the complete closure of the compromised business due to irreparable damage
- Putting sensitive, personal data into the hands of malicious actors
- Ruining the compromised company’s public reputation
- Requiring massive costs to remediate and recover from the cyberattack
Lesser of Two Evils
Recent reports tell us that the attack impacted JBS SA’s IT systems, but that there is no evidence the company’s operational technology (OT) systems were compromised. While JBS SA was able to suspend the use of its affected servers following the attack, had its OT systems been impacted, the company would have seen far larger consequences to its factories and industrial facilities, which are all controlled by the OT systems.
Attackers can certainly do far greater damage if they gain access to OT systems, and that risk should be a red flag for any corporation unsure about the importance of a cybersecurity program. But any attack potential should be a red flag – that’s the bottom line. As attackers are becoming more sophisticated and increasing the frequency and severity of attacks, companies can no longer assume “it won’t happen to me” or place all their faith in security systems that are antiquated or not regularly updated.
It would have been worse if JBS SA’s operational technology systems were compromised, but the IT system attack has caused a massive amount of damage and disruption that is reaching into individual households across the world. There is no real lesser evil in this scenario, so the best approach is to be prepared.
Business Continuity and Disaster Recovery
While it is difficult to know at this time if and how the specific impacts to JBS SA operations could have been mitigated, the entire attack shines a beacon on a critical aspect of cybersecurity that is often overlooked – Business Continuity and Disaster Recovery planning.
If organizations like yours do not actively plan for ransomware or other disastrous incidents (including natural disasters or pandemics, among others), your organization could be forced into mass shutdowns, loss of revenue and reputation, and in extreme cases, closure of your business. It is important to have a documented business continuity and disaster recovery (BCDR) plan in place before an incident occurs, so personnel throughout your company know how to react, what systems are most important to the health of your organization, and the steps to both protect those systems and bring them back online (at least in some capacity) so operations can continue.
During or following a disaster is the worst possible time to figure out if you even have such a plan or, if you do, if it’s really effective in getting you up and running again. Gartner has found that each minute of downtime costs small- to medium-sized businesses an average of $5,600. That’s every single minute! The recent ransomware attack on the Colonial Pipeline shut down operations for six days, carrying implications nationwide, not least of which included the highest hike in gas prices in 6.5 years.
Colonial Pipeline CEO Joseph Blount wound up paying the attackers $4.4 million to unlock the compromised systems, but that wasn’t enough to immediately restore operations, leading to the days-long rehabilitation.
The FBI has advised businesses not to pay attackers in exchange for data recovery as it often encourages more attacks and rarely results in full restoration. However, companies with no backup or recovery plan largely feel like they have no other option.
Our response to that conundrum is to invest in creating or updating your Business Continuity and Disaster Recovery (BCDR) plan. Taking action now can prevent potentially business-ending consequences following an attack.
Work With Experts Who Think Like the Attacker
Our experienced and knowledgeable consultants can review your existing BCDR plan and interview key stakeholders, highlight the gaps in the plan that could delay your recovery, and propose mitigation steps to close those gaps and ensure the restoration of operations as quickly and efficiently as possible.
The team at DirectDefense have extensive backgrounds in security, government, and across diverse industries, allowing us not only to think like an attacker, but understand and apply the nuances of an attack to your specific business.
A BCDR plan is a critical component of preparedness when it comes to security attacks or other disasters. You can and should also go a step further to test out the plan in a real-life simulation. Our tabletop exercises create a live environment so personnel can experience the BCDR plan in action, both highlighting areas of improvement and offering training to stakeholders so everyone is more prepared and on the same page if they are called on to respond to a real event.
Being prepared carries peace of mind and greater business security. As a fully staffed, 24/7/365 managed security service provider (MSSP), we work with companies like yours to provide round-the-clock security monitoring, increasing your overall network security. Whether acting as your organization’s security team or supporting your existing one, we can improve your company’s security posture and the vulnerability of your networks.
Don’t get caught unaware, and don’t wait for the worst to happen to figure out what you need. Contact us today to improve the security around your organization’s IT and OT systems with a BCDR plan, and be prepared with a managed security services provider you can trust.
06.03.21