What The Colonial Pipeline Ransomware Attack Can Teach You About Cybersecurity
Cyber threats continue to grow each day at an alarming rate. Companies and government agencies are breached every day and there is no end in sight for these malicious activities.
Case in point — earlier this month, a ransomware attack against Colonial Pipeline caused a widespread shortage of gas across the country. The encryption of the petroleum supplier’s systems forced them to shut down operations for a number of days, highlighting the vulnerability of critical US infrastructure to cybercrime attacks.
It can be easy to ignore incidents like this most of the time, but in the fallout, it’s important to ask yourself how it would play out if it happened to you and your business.
Take this opportunity to reevaluate your approach to cybersecurity, and learn the right lessons now — rather than in the wake of an expensive and destructive attack.
You can start by determining how vulnerable you are right now…
7 Reasons Modern Businesses Are Vulnerable To Cybercrime Attacks
Review this list of common vulnerabilities, and compare them to the way your business operates right now — are you as secure as you assume?
Gaps In Your Cybersecurity Posture:
- Lack of adequate cybersecurity safeguards on networks.
- Lack of education and training in the protection of networks and data.
- Lack of funding for implementing adequate cybersecurity safeguards.
Relying On Basic And Limited Cybersecurity Technology:
- Failure to adopt a “security-in-depth” approach, relying instead on single devices and “catch-all” solutions that offer multiple cybersecurity features.
Failure To Keep Systems Up To Date:
- The use of legacy operating systems on the network.
- The use of legacy or unsupported software products installed on systems that are on the network.
- The inadequate patching of operating systems and software products for machines on the network.
- Relying on operating system, hardware, and software vendors that do not create products with security in mind, are slow to release patches for bugs, or are careless with their coding, resulting in dangerous vulnerabilities.
The Ongoing Evolution Of Cybercrime Attack Vectors:
- The increasing level of sophistication in tools that are available to hackers.
- The increasing level of funding by government agencies that hire hackers to perform attacks on other countries.
Poor Cybersecurity Maintenance & Practices:
- Failure to perform vulnerability testing on a regular basis, which can help expose attack vectors.
- Inadequate vetting of hardware and software products for use on the network.
- Inadequate vetting of employees, staff, and contractors who are entrusted with keeping company data and networks safe.
Lack Of Awareness:
- Inadequate understanding of the threats posed to your organization, its staff, and clients.
- Inadequate understanding of the security solutions that are in place with vendors and other companies in your supply chain.
- Inadequate security awareness training for employees, staff, and third-party contractors.
Failure To Plan Your Cybercrime Event Response:
- Inadequate planning for disaster recovery, business continuity, and risk management.
- Little or no investment in cybersecurity and liability insurance.
Any single one of these qualities can make a business like yours a target for cybercriminals, but more often than not, many of them are present in an organization’s cybersecurity posture. That’s why cybercrime events continue to occur day after day.
And it’s likely only going to get worse — cybercrime attacks on our infrastructure and our way of life have been a concern for several years now and will continue to increase as resources, political power, military power, religious dominance, and technological and medical advances are constantly being fought over.
That’s why organizations across the country — from government agencies to small businesses — need to learn the lessons demonstrated by incidents like the Colonial Pipeline breach.
4 Key Lessons To Learn About Cybersecurity
The biggest lessons we can learn from the recent cyber-attack on the Colonial Pipeline, as well as other recent attacks on government agencies and big corporations, are the following:
- Big Targets Require Comprehensive Protection: More emphasis should be placed on protecting critical infrastructure such as organizations that process and provide fuel, power, and other vital resources for life and economic survival.
- Secure Network Configuration: Business leaders need to re-evaluate which machines absolutely need to be on the network, and for those that do, whether they can be isolated from all other networks, especially in terms of exposure to the Internet.
- Assess, Improve, And Repeat: Those in charge need to re-evaluate the security measures that are in place currently and immediately remediate any weaknesses found.
- Accept The Reality Of Cybercrime: It is not a question of “if it happens”, but “when it happens”. Is the business positioned to recover quickly and efficiently, and avoid extended periods of downtime or loss of access to or production of critical resources?
We Can’t Afford To Ignore Cybercrime And Hope It Goes Away
In summary, there will never be a way to be 100% protected from an attack, or worse, an actual breach. However, by implementing the proper security measures and training, and constantly re-evaluating those security measures, the risks of being breached can be dramatically reduced.
Here’s the reality: if an attacker wants to breach your network, they most likely will; the effort can take anywhere from several minutes to several years, depending on the value of the information and the security measures in place to protect such data. We should, however, make it as hard as possible for the threat actors to be successful, and do everything we can to limit the damage they can cause.
When it happens, however, our greatest resistance comes from stopping the threat and recovering as fast as possible and with the least fallout, followed by an in-depth investigation as to how the attack was possible, and the implementation of safeguards against future similar attacks.