What you are going to see is a knee-jerk reaction to this event. I can tell you exactly what the next steps will be because I've seen it hundreds of times. First, the company will throw millions of dollars into tools, cyber firms and rearchitecting the network; they might even remove a few bodies from the management realm. Then the government will push for more regulation and oversight, and then you'll see endless case studies on how to make it better and never happen again, but yet it will.
I did a 5-week blog about "Cybersecurity is broken" last year which laid out exactly what was wrong with the cybersecurity industry as a whole. Part of the problem is what Mr. Meinetz touched on in his post. Microsoft does have a lot of problems, but they had such a great marketing thrust in the 90's that it made everyone Microsoft junkies, and it will probably never change; it's too far ingrained in our culture to ever go away, at least not in our lifetime. Cybersecurity in general is much bigger than just the OSs; it goes much deeper and is evolving all of the time.
I was dealing with an incident response to a ransomware attack the Monday before Colonial reported they had been hit with ransomware. It too was the Darkside ransomware. The company that had called us was a smaller (45M) company and not a large pipeline, but they were hit with the same malware. I just finished the root cause analysis (RCA) over the weekend and it came down to a person clicking on a phishing email (pretty certain it happened the same way at Colonial). However, what was interesting is that the company was running Barracuda Email Security Gateway, which didn't detect it as bad, and the company was only using Microsoft Defender as its AV protection. We also found out that they never did annual security training, they never did patching, they didn't spend the money (approx. 4K a year) to use a better AV solution, they had weak passwords, and it was a flat network. The one thing they did right was they did do backups... but it was on the same network. They were fortunate that the first action I told them when they called us was to disconnect the backup server immediately.
Not wanting to go down a rabbit hole, but where did they fail? No security training, so the person wouldn't have clicked on the link? The email security tool, which employs signature-based protection (which I am not a believer in) for the email protection? The problem with signature-based protection is you need to know about the problem before you can stop the problem. No patching? Flat network? And on and on.
As my Dad told me, "life is hard, but it's harder when you make dumb decisions". Cybersecurity is hard, but it's much harder if you don't do anything or take the bare minimum approach. I like the list that Mr. Brooks provided, but I feel it's missing some items and it's at the 20K-foot level.
It comes down to practicing good cyber hygiene: annual security training, a patch management program, a configuration management program, business continuity planning, an incident response plan, proper network security segmentation, updated tools, vulnerability scanning, penetration testing, backup plans, multiple backups, etc. And there are probably more.