How the Colonial Pipeline hack highlights the urgent need for cybersecurity training

Written by Laura Woods

Distributed workforces and hybrid working could bring a greater risk of infosec-related breaches. We look at why companies should better prepare their staff with security training and how bots can help.

In May of this year, the largest fuel pipeline in the United States, Colonial Pipeline Co., was subject to a ransomware hack which caused a spike in gasoline prices, panic buying and a delay in gas distribution to the US East Coast. For the first time in the Colonial Pipeline’s 57-year history, it was forced to shut down the entirety of its gas pipeline, which runs from Texas to New York and can carry 3 million barrels of fuel per day.

The hack on Colonial Pipeline is one of the most prolific attacks on a national infrastructure body in history, and as cybersecurity experts have discovered, it was all the result of a single compromised password.

It’s quite unbelievable to think that one compromised password could cause all this damage. However, even traditional companies in sectors such as infrastructure have highly digitized processes which run through a centralized system. As such, they are vulnerable to attacks.

As the majority of companies across the globe move to a more hybrid system of working as a result of the pandemic, the risk of cyberattacks on companies increases even further.

Many companies are more switched on than ever to the importance of cybersecurity. According to a recent survey by PwC, 70% of city firms planned to boost their investment in cybersecurity (up 22% from last year) as they move to a hybrid working arrangement. A study from Analysys Mason, which revealed SMEs had spent $7.9 billion on cybersecurity in 2020, told a similar story for the SME space. They expect this spending to grow by at least 10% in the next 5 years.

Whilst spending money on cybersecurity is of course important, it is paramount that sufficient budget is allocated to cybersecurity and compliance protocol training for ALL staff, especially those who are remote or working from home.

According to a recent survey from Tessian, 56% of senior IT technicians believe their employees have picked up bad cybersecurity habits while working from home. Worryingly, the survey revealed that many employees agreed with that assessment: 39% admitted that their cybersecurity practices at home were less thorough than those practised in the office. Many employees admitted that this was a result of feeling less scrutinised by their IT departments now than prior to Covid.

There is plenty that companies can do to help staff protect their passwords and be more prepared for the novel risks we face in the digital world. If, for example, Colonial Pipeline had set up two-factor authentication (2FA), whereby a second step (like a text message) is needed to access your account after you have provided a password, this would have provided an added layer of protection which could have prevented the hackers from succeeding.

Sharing this important security information with staff needn’t be a cumbersome or drawn-out process, and the delivery mechanism needn’t be dull or boring either. Using The Bot Platform you can easily build digital assistants and automated training tools that ensure staff are on top of security and compliance best practices.

 

For example, you could have a Compliance Bot that sends out important security training materials and information, including:

  • Alerting staff to security announcements
  • Directing staff to official security, data and privacy documentation
  • Sending regular security training prompts and reminders for overdue completions
  • Broadcasting emergency InfoSec announcements or updates
  • Instantly answering security-based FAQs
  • Logging possible InfoSec breaches and alerting IT and security teams

Creating a bespoke bot like the one above is quick and easy. Our platform requires no coding skills or IT teams, so anyone can easily get building and have an InfoSec training solution built in a matter of hours, or even minutes.

 

These automated training tools can then be integrated into the internal communication channels your staff are already using, such as Microsoft Teams and Workplace from Facebook. Plus, they can use these work apps and access the information on demand, 24/7 – important for globally distributed teams in different time zones.

 

Join some of the world’s most renowned companies and brands including Clarins, Booking.com, WW (Weight Watchers) and Facebook by using our bots to help secure your business and ensure InfoSec best practices are being followed.

 

To find out how we can help you set up a Security and Compliance Bot, please contact us here.
