TECHNOLOGY
seven finance systems that have been offline since May 7 , Blount said .
Some senators suggested Colonial had not sufficiently consulted with the U . S . government before paying the ransom against federal guidelines . The FBI discourages organizations from making ransom payments because it encourages additional cyberattacks and doesn ' t guarantee data return .
Despite investing over $ 200 million over the last five years in its IT systems , which a company spokesperson later clarified included cybersecurity measures , Blount said Colonial did not have a plan in place to prevent a ransomware attack but did have an emergency response plan . The company notified the FBI within hours . However , the cyberattack demonstrated that much of Colonial ' s infrastructure remains highly vulnerable , and the government and companies must work harder to prevent future hacks , senators said during the hearing .
Blount said the company decided to pay the ransom and to keep the payment as confidential as possible because of security concerns , testifying , " It was our understanding that the decision was solely ours to make about whether to pay the ransom ."
Cyberattacks also recently hit U . S . meatpacking plants owned by JBS and CNA Financial Corp . Sixty-one percent of cyber breaches are attributed to leveraged credentials , according to the Verizon 2021 Data Breach Investigations Report .
AnneMarie McPherson is IA news editor .
!
Contact KAIA if your agency does not have a standalone cyber policy .
20