News of the ransomware attack against a supplier to the Queensland power grid shows, once again, that criminal enterprises continue to target the most highly critical systems – systems that directly support day-to-day life. But the story is not all doom and gloom. CS Energy's ability to quickly segregate its operational network from its corporate network, following the detection of ransomware propagating in its environment, helped contain the spread and ensured that its most critical functions (power generation and supply) were not impacted. This is a real-world example of how detection is far more effective when it is coupled with capabilities that allow defenders to contain the threat once it has been identified.
Organisations continue to rely on and invest in detection as though it can prevent every breach from happening. This approach repeatedly misses attacks. Detection must be coupled with the ability to contain an attack or, ideally, preventative controls should be established that limit the spread in the first place. Until more organisations follow Queensland's example and adopt preventative measures, we will continue to be bombarded with headlines that are the opposite of this one, detailing devastating attacks on critical infrastructure.