Earlier this year, our U.S. Cybersecurity and Infrastructure Security Agency (CISA) was hacked. The effects of the attack on our nation’s top cyber-watchdog affected two particular systems, and CISA responded by taking both offline. Although it may sound like the plot of a high-tech sci-fi thriller, when the country’s leading cybersecurity agency suffers a data breach, there are lessons every organization can benefit from.

Of the two involved systems, one allows sharing assessment tools between federal, state, and local officials for cyber and physical security. The other system involves a scenario sending a chill down our collective spines, and that is the security of our nation’s chemical facilities. In particular, the data involved with security assessments on these facilities was compromised.

Chemical Concerns

The Chemical Security Assessment Tool (CSAT), is the overseer of all things chemical in the U.S., including guarding highly sensitive information about our chemical facilities. That information includes Security Vulnerability Assessments, Site Security Plans, and for high-risk facilities, the Top Screen tool.

The attack exposed vulnerabilities in Ivanti Secure products used by CISA. Just two months prior to the hack, CISA released a rare, urgent warning to U.S. organizations to immediately unplug from using two Ivanti Secure products. Irony aside that CISA itself didn’t unplug from using the Ivanti software, the agency also says both systems were running on older technology scheduled to be replaced.

Lessons Learned

Although a CISA spokesperson reports “there is no operational impact at this time,” all organizations in the U.S. can benefit from this regrettable and potentially avoidable breach.

Keeping systems updated and patched at all times can help keep intruders out and data safe from exposure. And no matter how big or small a company is, having an incident response plan in place can keep damage and downtime from a hack to a minimum. When an employee with cybersecurity responsibility leaves the organization, adjust tasks to cover the loss, however temporary it may be.

From the highest ranks at CISA to local businesses, it seems all can benefit from the same principle: Be prepared and you’ll be better off.