Cybersecurity Narratives: Lessons from the Colonial and JBS Hacks
The back-to-back cybersecurity breaches that impacted Colonial and JBS this spring sent shockwaves across the country. Gas stations all over the eastern United States were overwhelmed. Food supply chains were disrupted. Federal law enforcement kicked into high gear.
But it wasn’t just the physical world that responded to these hacks. Several narratives related to cyberattacks erupted across the online conversational landscape as well, peaking at 160,985 mentions the week of May 10th during the Colonial Pipeline attack.
These narratives give cybersecurity-focused Risk teams a lot to think about. Here are some takeaways from the Colonial and JBS hacks and the narratives that they sparked.
Narratives stemming from one cybersecurity breach could inspire the next one
Amid conversation stemming from the two hacks were narratives suggesting that the hacked companies were easy targets, that the breaches shouldn’t have come as a surprise, and that it could happen again. Could these kinds of narratives, on top of the success of the hacks themselves, serve as encouragement for the next would-be cybercriminal looking for a viable target?
If you’re responsible for cybersecurity at an Energy or Food Processing company, this is a reason to take note. Nobody wants messages spreading that insinuate companies in their industry are easy targets for hacks. For cybersecurity professionals in these industries (or any industry prone to cyberattacks or breaches), it makes sense to monitor these narratives closely and develop as much narrative intelligence around them as you can.
Here are some questions to consider:
- On what platforms are these narratives being shared the most?
- Who are the biggest influencers amplifying these narratives?
- How are these variables changing as narratives evolve?
High-profile hacks can inspire wild speculation about the targeted company
When analyzing conversations stemming from the hacks, we found several narratives driven by accusatory speculation about their true cause. Some, for example, insinuated that the Biden administration was behind the Colonial pipeline attack, whether to punish states for removing COVID restrictions or to manufacture a justification for high gas prices. In fact, when we looked into the political conversation surrounding the hacks using the Zignal Narrative Intelligence Cloud, we found that in the five days following the cyberattack, 76% of mentions discussing the gas shortage narrative referenced President Biden as well.
Other narratives faulted Colonial for being underprepared for the attacks, linking Koch Industries’ stake ownership in the company to perceived shortcomings in the company’s security policy.
It’s obvious enough that, when a high-profile company suffers a cyberattack, the consequences extend beyond the loss of data, and can lead to brand reputation risk as well. But the diversity of these narratives circulating Colonial in the wake of the May hack show that the reputational impact can take many forms – and can include a hefty dose of speculation. To get ahead of any serious and lasting reputation risk, security officers and other Risk and Communications professionals may find themselves tasked with tracking multiple narratives simultaneously, understanding each of them in detail, and seeing when one or more of them show signs of spiking.
The targeted companies have something in common
Energy and Food Processing are, of course, significantly different industries. But one thing they have in common is that the goods they produce are essentials. Colonial and JBS don’t provide luxury products – energy and food are fundamental to society. Both of these hacks, then, have raised questions about the security of critical infrastructure that Americans not only rely on, but take for granted.
In this way, the hacks were about more than money. They were about undermining societal stability.
We’ve long discussed the ways that narratives related to one organization can pull in another. With this in mind, other companies that produce essential goods would be wise to track the narratives stemming from the Colonial and JBS hacks. It just might help you get ahead of threats to your own organizations.