Ransomware has once again made headlines, this time due to an attack on Colonial Pipeline. Do you know how to defend against and respond to an attack like this?
The ransomware attack against Colonial Pipeline resulted in a widespread shortage of gas across the country. The encryption of the petroleum supplier’s systems forced them to shut down operations for a number of days, highlighting the vulnerability of critical US infrastructure to cybercrime attacks.
Nexus IT Consultants’ CEO Earl Foote recently appeared on Mountain Connections PCTV to talk about this major security incident:
“This is one of those scenarios that seems like one of those movies we used to watch,” says Earl. “It seems fictitious, but these are looming threats that have been around for some time.”
Despite what you may assume at first, cybercrime isn’t always theft. Cybercriminals generally aren’t interested in stealing your data or trying to gain access to proprietary information or financial accounts.
More often than not, it’s about disruption. Given how complex a business’ daily processes can be, and how much they depend on information systems, it’s easier for cybercriminals to simply try to disable your core systems and then extort money while you deal with crippling downtime.
In order to prevent disruption and limit downtime, you need a robust business continuity plan. Your plan should put forth policies and procedures regarding employee safety, business continuity, and contingencies that can be activated if your business’ facilities are damaged.
Cybercriminals are learning that it’s far easier (and more effective) to target infrastructure instead of assets. Why bother trying to break into a company’s bank account when you can simply attack their ability to operate, and then extort them in the fallout?
Similar to the above lesson about disruption, it’s important to understand the damage cybercriminals can do by focusing on ancillary and lower-priority systems. The end effect is still the same — expensive downtime, destroyed reputations, and worse.
The Colonial Pipeline attack had both immediate and long-term consequences. As knowledge about the attack hit the news and customers realized that the flow of gas was shut down, many consumers rushed to the pumps to buy gas as soon as possible. Despite warnings not to panic buy, many customers feared the possibility that they would run out of gas.
With the system shut down, gas shortages occurred quickly as lines at the pumps spread around the block. While the Colonial Pipeline was restored within a few days and most people were able to easily get the gas they needed, the impact of the attack will be felt far beyond those initial days. Gas prices rose immediately, and they seem unlikely to go all the way back to their previous rates.
More importantly, however, the Colonial Pipeline attack exposed just how vulnerable many elements of society are, and how reliant they are on the cybersecurity measures that help protect them against attacks like this one.
The biggest lesson we can learn from the recent cyber-attack on the Colonial Pipeline, as well as other recent attacks on government agencies and big corporations, are the following:
The bottom line is that there will never be a way to be 100% protected from an attack, or worse, an actual breach. However, by implementing the proper security measures, training, and constant re-evaluation of these security measures, the risks of being breached can be dramatically reduced.
Here’s the reality: if an attacker wants to breach your network, they most likely will; the effort can take anywhere from several minutes to several years, depending on the value of the information and the security measures in place to protect such data. We should, however, make it as hard as possible for the threat actors to be successful, and do everything we can to limit the damage they can cause.
When it happens, however, our greatest resistance comes from stopping the threat and recovering as fast as possible and with the least fallout, followed by an in-depth investigation as to how the attack was possible, and the implementation of safeguards against future similar attacks.
If you have any questions or concerns about this situation whatsoever, please get in touch with our team.