HARRISONBURG, Va. (WHSV) - Colonial Pipeline says its back up and running following last week’s massive ransomware attack.

With so many organizations reliant on doing business through technology, cyber security experts say cyberattacks like the one on the pipeline can and will happen again.

“100 percent. We’ve seen only increases in the volume of attacks in the last number of years, particularly targeted against private organizations,” Alex Stein, founder of BlueTec LLc, said.

He said most cyberattacks are meant to be hidden, but the goal of ransomware attacks is to bring attention to the hacker’s demands.

“They’re not necessarily looking to disable an oil pipeline, their goal is to pull money, pulls as much money as they can from their victim,” Stein said.

He added that the most vulnerable organizations are the ones that don’t know they’re being attacked.

“There’s a great quote from the former CEO of Cisco, a guy named John Chambers, he says, ‘There’s two types of businesses; those that have been attacked and those that don’t know they’re being attacked,’” Stein said.

When preparing for cyberattacks, Stein recommends that organizations have a back up and disaster recovery plan ready.

“This is the solution that you’re going to rely on in the event that attack occurs and it’s the thing that’s going to get you back up and running to keep the business operational quickly,” Stein said.

Next, he says it’s a good idea to conduct a business impact analysis.

The goal here for businesses to assess all of their systems that would affected in the event of an attack and determine how successfully the business could operate without them.

“Based off your business impact analysis, you want to build what’s called a cyber security incident response plan,” Stein said. “Detail and very thoroughly, and very diligently how exactly your team will respond when an attack occurs.”

Finally, Stein said organizations of all types should have an annual assessment of their systems to see where their vulnerabilities are and be able to fill those gaps to potentially prevent an attack.

“Hire an organization, a third-party organization, that’s impartial to come in and review all of your technology assets from bottom to top,” Stein said.

