A Lesson Learned is knowledge gained from incidents, near misses, tragedies, lawsuits, etc.
Knowledge gained from Lessons Learned are just “recipes” until they become Lessons Implemented that empower and equip people with the right strategies and tools to take real actions that lead to better results.
Lessons Learned from cyberattacks are shared in numerous news articles across numerous websites, software updates, press releases, etc. on a daily basis and could even be coming directly from your IT department too.
With so many Lessons Learned, here are two important questions:
Are you and your executive leaders paying attention to the Lessons Learned and collecting them so they can be implemented on an ongoing basis?
Do you and your executive leaders have simple, effective, organization-wide, and proven tools to turn Lessons Learned into Lessons Implemented on an ongoing basis at the individual level and empower real actions for better results?
Due to soaring numbers of cyberattacks it seems safe to say Lessons Learned are NOT effectively becoming Lessons Implemented at the individual level on an ongoing basis.
It is also safe to say that Lessons Learned are NOT becoming lessons implemented because many of the attack strategies being utilized to target organizations across the nation (and around the world) are basically the same attack strategies utilized 20 years ago.
For example, most cyberattacks involve phishing and/or social engineering attack strategies. Phishing and social engineering attack strategies are not new, yet they are still wildly effective because annual phishing training is NOT effectively implementing Lessons Learned on an ongoing and active basis.
Years of Lessons Learned from previous cyberattacks reveal how even though people (employees, management, third-party service providers, etc.) have heard of what phishing is, they did not know what the most recent phishing or social engineering attacks looked like. Simply educating people about phishing and social engineering on an annual basis is not an effective solution. Implementing Lessons Learned means empowering individuals, so they know what the most recent attacks look like and equipping individuals to take the right actions that lead to better results.
Lessons Learned: SolarWinds, Twitter, and Colonial Pipeline
In 2020, the SolarWinds hack led to very serious and costly cyber breaches at some of the largest organizations in the world plus some of the most important United States Federal Government Agencies. According to SolarWinds, the hack was comprised of many attack vectors including social engineering, malware, security exploits, and many others. Lessons Learned did NOT become Lessons Implemented at the individual level.
Also in 2020, Twitter became another example of Lessons Learned NOT implemented at individual level when Twitter staff was social engineered leading to the hack of over 100 high profile Twitter accounts.
In recent days a ransomware attack on Colonial Pipeline has lead to the halt of one of the United State’s largest oil pipelines, causing the price of gas to increase. The ransomware attack was the result of a group called DarkSide who infiltrated a number of computers on the Colonial Pipeline network, likely from phishing, locking them up and demanding a ransom to unlock them.
The list of cyber breaches goes on and on because Lessons Learned from previous cyberattacks did NOT and are NOT becoming Lessons Implemented to empower and equip individuals to take the right actions at the right time.
Executive leaders from schools, organizations, and communities are the ones who need to make sure Lessons Learned become Lessons Implemented at the individual level across their ENTIRE organization and community. Remember, ANYONE on your network is part or your community.
Why are executive leaders the key? Because Lessons Learned expose how turf wars between department heads and overlapping department responsibilities continue to result in gaps, silos, and disconnects.
Executive leaders must take the lead to ensure Lessons Learned become Lessons Implemented because they oversee their entire organization and community; additionally they are responsible for bottom lines, reputations, keeping people safe, duty of care, shareholder value, cost avoidance, and numerous other responsibilities that without Lessons Implemented could become very costly consequences.
It’s time to implement these Lessons Learned right now. Don’t wait, we’ve written the Playbook and we have the right set of wheels to get you rolling. Take action today!
Not seeing the form to request information? Drop us a line and we’ll send you more information!