How the Colonial Pipeline hack makes the case for ISO 27001


We’ve already talked briefly about last week’s Colonial Pipeline hack. It’s one of the most impactful ransomware attacks in history. Even the hackers, DarkSide, felt they had to apologise for its huge unintended consequences. Now it turns out that they were apologising all the way to the bank: their victim has paid them a five million dollar ransom.

On Saturday night, Colonial Pipeline tweeted that everything was back to normal. But it’s a new normal, the kind of calm that comes after the storm. That’s a great moment to evaluate what’s just happened and make sure it never happens again, a process the company’s senior executives are no doubt going through right now.

Because of DarkSide’s surprisingly open web presence, that’s a process we can go through too. It’ll help us understand more about the kind of information assets hackers like DarkSide go after. And you’ll see how an ISO 27001 certified ISMS can help you protect your own organisation against them, and against many other hazards too.

The information assets DarkSide attacked

DarkSide’s site is a little harder to access than most. It sits on the darknet, which means your usual browser probably won’t be able to see it. So we’ve pulled a very interesting list off it for you to check out here. It details the information assets DarkSide managed to pull out of an unnamed US manufacturer during a previous attack.

That includes:

  • Accounting and finance info
  • HR and employees’ own privacy data
  • Marketing plans
  • Budget, tax, payroll and banking details
  • Arbitration and insurance information
  • Multiple reports and audits
  • B2B client configuration data
  • Business plans for 2020 and 2021
  • Closing accounts for 2019, 2020 and 2021
  • A lot of other sensitive information!

That’s a pretty scary list. No organisation would want to find itself locked out of that kind of information or risk having it publicly exposed. But it’s also a very interesting one. That’s because these are exactly the kind of information assets an ISO 27001 certified information security management system is designed to protect.

Securing your data

To achieve ISO 27001 certification, you’ll need to:

  • Define all your information assets
  • Understand what risks they face
  • Define and apply the right controls to defend against those risks

One of the risks your information assets face is an attack from hackers like DarkSide. So going for certification means:

  • Planning for exactly the kind of attack that hit Colonial Pipeline
  • Putting specific measures in place to avoid it

And those defences will stay up to date. Constant re-evaluation is key to ISO 27001 success. Your ISMS will include processes to help you keep an eye on any changes to the ransomware threat and evolve your security measures to stay ahead of it.

For example, Colonial Pipeline might have become more vulnerable because of a Covid-driven shift to remote working. An ISO 27001 certified ISMS would help your organisation spot that kind of increased vulnerability and take action to address it.

It’s not just about your digital assets

Many people assume that information assets have to be digital assets. But that’s not the case.

Perhaps there’s only one person who really understands your payroll system. If they leave, the end of every month will suddenly become a lot harder. Their hard-to-replace payroll knowledge is a vital information asset. An ISO 27001 ISMS will help you protect it.

Or maybe your organisation owns a patent that’s about to expire. If you can’t renew it, you’ll lose an important competitive advantage. That patent is also an information asset you need to protect. Again, your ISMS will help you cover that off.

Making the case for an ISO 27001 certified ISMS

Big public hacks like the Colonial Pipeline one are a great way of starting a conversation about the value of ISO 27001 certification. But you’ll be able to back that up with a lot of wider, deeper business benefits. Our Business Case Builder white paper shows you how.

And whatever your current infosec status, we can help you build on it.

Our platform gives you a clear path to first time ISO 27001 certification, whether you’re starting from scratch or are already part way down the road to it. If you’ve already achieved certification, we make maintaining and improving it a breeze. And we can help you meet other standards and regulations too.