It’s still not clear who the perpetrator was or if data was stolen, but it shows the vulnerability of the food chain and critical infrastructure in general to cyber attacks such as this one.
It also shows how stealthy bad actors can be and how much impact they can have on an organization’s bottom line.
And it shows the importance of having a built-in, holistic cyber-resilience strategy that doesn’t just rely on a shiny technology widget to protect critical infrastructure, according to Travis Wong, vice president of Risk Engineering and Security Services at Resilience Insurance.
Wong works daily with companies and organizations to help them harden their cyber defenses against bad actors like the ones who attacked Dole Foods, temporarily halting production.
The investigation is ongoing, and it is not yet known who is responsible, but it is known that ransomware was deployed in the attack, said Wong, who is not affiliated with Dole or involved in this case.
It’s common for perpetrators to shut down an operation such as Dole’s, either completely or partially, in order to force the victim to pay up.
“The more they can hit operations, the more they can disrupt day-to-day operations, the more likely, they feel, they will get paid,” Wong explained.
And if the victim organization can’t continue to generate revenue or operate as intended, paying the ransom begins to look more and more appealing.
But before it gets to that point, organizations should take that holistic approach to security, beginning with an internal risk assessment, trying to identify gaps in security protocol, risk management protocol and then trying to bridge those gaps.
“This is not one and done,” Wong said. “This is continually evolving.”
Unfortunately, it’s also often a people problem more than a technology problem.
“There are multiple ways in,” Wong said. “Quite commonly these days, unfortunately, it’s human error, a human clicking on something they shouldn’t click on, a human providing access to actors that they otherwise would not have access to.”
It’s common to focus on technology as a deficiency, vulnerabilities, open ports, etc., but it’s the human element that allows perpetrators to amplify those deficiencies.
“So it’s important that Dole and other clients who may experience ransomware incidents understand why they occurred and really do some self-reflection to create road maps for improvement,” Wong said.
It is common also with these incidents for the perpetrator to find a way to stay dormant and observe the “crown jewels” or critical data or processes within an organization.
Wong said organizations are gaining a better understanding of these attacks, as well as the importance of trying to mitigate them. “Organizations understand that cyber risk is a real threat, it’s something they need to consider. So, governments and private industry are progressing and creating more formal regulations around best practices.”
What they also need to realize is that there is a starting point to mitigation but with the ongoing, evolving threats, there isn’t necessarily an end point.