Important Ransomware Lessons from Colonial Pipeline Attack

The May 7, 2021, ransomware attack on Colonial Pipeline had everyone talking about ransomware. The threat seems to be behind us, and the panic over gas shortages is subsiding. In the attack on Colonial Pipeline, malicious software was delivered into the company's information systems, making it impossible for authorized people to access information. The attackers behind the malicious software demanded payment to restore data access.

A new report shows that the people behind the attack may soon begin calling consumers and clients whose information was exposed. This would be a pressure tactic to make the business pay more money. As such, the aftermath of the attack may still be far from over. After an event like this one, affecting one of the biggest industries, no one knows who the next victim will be. Therefore, small and large businesses alike need to take stock and learn a few lessons.

All Businesses Are at Risk

The Pipeline attack generated a torrent of media attention, creating the false impression that only large businesses are at risk. Companies should not make the mistake of thinking that this is true. Just recently, the City of New Orleans suffered a serious cyberattack that saw Mayor LaToya Cantrell declare a state of emergency.

A tweet by NOLA Ready, the City of New Orleans' emergency preparedness campaign, said that the IT team had detected suspicious activity in the city's network. In the tweet, the IT Department ordered all employees to power down their computers and disconnect from Wi-Fi. The department also disconnected all city servers, affecting multiple businesses across the city. The attack caused over $7 million of losses, not including the cost of paying a ransom to the perpetrators.

No business can rule out the possibility of a cyberattack, but every company can take steps to protect itself. Compared to the cost of a breach, investing in these protective measures provides a significant return on investment.

For example, creating an incident response plan and putting a response team in place can create some level of certainty about quick recovery from an attack. All businesses should also align their internal practices with an established cybersecurity framework. This will decrease the risk they face and provide them with a strong argument against claims of regulatory negligence.

Industrial Organizations Are on the Front Line of Cyberattacks

In the past, financial services and retail have lived under the threat of cyberattacks, but the landscape has changed. Previously, personal information was the most significant target among cybercrime perpetrators. The rise of ransomware attacks has now shifted focus to industrial companies, with increased interest in the confidentiality-integrity-availability (CIA) triad.

Industrials are now on notice, and the financial impact they face is massive. Industrial companies need to make cybersecurity the primary component of all their disaster recovery planning. It must also be the most significant area of management focus. This should be the case even for those companies that don't think of themselves as natural targets of cyberattacks.

The Importance of Working with Experts

After the attack on their systems, Colonial Pipeline indicated that it engaged a third-party cybersecurity firm. The firm launched an investigation to establish the nature and scope of the attack. The inquiry is still ongoing, and other federal and law enforcement agencies have also come into play.

The lesson here is that it's essential to get to the bottom of an attack after it happens. It's crucial to let IT experts establish the extent of the attack. They're in the best position to establish whether any loopholes exist and how to seal them to prevent a similar attack. Working with law enforcement agencies will also protect your business from exploitation by the attackers.

Rapid Response and Recovery Are Critical

Colonial Pipeline may have taken immediate steps in responding to the incident to reduce the spread of the ransomware. For your business to react that fast to a hacking attempt, detection is of utmost importance. It gives you the real advantage of being able to take immediate action across endpoints to stop the spread of an attack. The proper integration of detection and response actions will help your company significantly cut down the spread and cost of a ransomware attack.

Proper Management of Cybersecurity is Crucial to Protecting Your Business

Some of the biggest gaps in business systems lie in the management and maintenance of security. Most businesses may have firewalls installed, but users alter the settings to allow remote access. Some personnel also create servers that route around vital protection layers.

In other situations, companies have patching policies in place. However, the standard manual tasks often don't get completed, given the urgency of day-to-day operations. Standard secure configurations also exist, but users adjust them to make exceptions. These adjustments allow the installation of new software, open new ports, and create gaps in otherwise safe structures.

Businesses also understand the importance of having robust and timely backups to reduce downtime if an attack happens. The problem is that most of these backups are usually not up to date, and they can't be restored fast enough.

Unfortunately, most of the affected businesses lack central visibility of these gaps. Without management, all the measures you think are in place to protect your systems may work against you during an emergency.

Consolidating the security status across all your systems into a common database is critical for reliable protection. Ensure that you have an IT security team to help you:

  • Create patches
  • Harden configurations
  • Segment
  • Put appropriate backups in place
  • Limit access to the least privilege

With these fundamental elements of cybersecurity, you can minimize the risk of becoming a victim of a ransomware attack.
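As an added illustration (not part of the original article), the sketch below consolidates per-host status into one view and flags the gaps described above: overdue patches, stale or untested backups, firewall exceptions and excess administrator accounts. The field names, thresholds and host records are assumptions constructed for the example; a host that reports no data for a field is flagged too, since missing data is itself a visibility gap.

```python
from datetime import date

# Assumed policy thresholds (hypothetical; set these from your own standards).
POLICY = {"last_patch": 30, "last_backup": 1, "last_restore_test": 90}  # max age, days
MAX_ADMINS = 2

# Constructed sample records, as a patch tool, backup tool and firewall
# export might report them once merged per host.
HOSTS = [
    {"host": "file-01", "last_patch": "2021-04-28", "last_backup": "2021-05-06",
     "last_restore_test": "2021-03-15", "fw_exceptions": [], "admins": 2},
    {"host": "scada-gw", "last_patch": "2020-12-02", "last_backup": "2021-05-06",
     "last_restore_test": None, "fw_exceptions": ["3389/tcp from any"], "admins": 5},
    {"host": "lab-srv", "last_patch": None, "last_backup": "2021-03-01",
     "last_restore_test": None, "fw_exceptions": ["22/tcp from any"], "admins": 1},
]

def findings(rec, today):
    """Return the list of gaps for one host record."""
    gaps = []
    for field, max_age in POLICY.items():
        value = rec.get(field)
        if value is None:
            # Nothing reported: we cannot tell whether the control works at all.
            gaps.append(f"no-data:{field}")
        elif (today - date.fromisoformat(value)).days > max_age:
            gaps.append(f"stale:{field}")
    # Every deviation from the standard firewall configuration is listed.
    gaps += [f"fw-exception:{rule}" for rule in rec.get("fw_exceptions", [])]
    if rec.get("admins", 0) > MAX_ADMINS:
        gaps.append("excess-admins")
    return gaps

def consolidate(hosts, today):
    """Build one report for all hosts, worst hosts first."""
    report = {h["host"]: findings(h, today) for h in hosts}
    return dict(sorted(report.items(), key=lambda kv: len(kv[1]), reverse=True))

if __name__ == "__main__":
    for host, gaps in consolidate(HOSTS, date(2021, 5, 7)).items():
        print(f"{host:10} {len(gaps)} gap(s): {', '.join(gaps) or 'none'}")
```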

Final Thoughts

The ability of your business to respond to cyberattacks spells the difference between surviving those incidents and losing your business. You must put a plan in place to protect your online assets and implement tools that detect breaches. If an attack happens, the mechanisms should enable you to execute recovery and make the event easier to get through. Without a recovery plan, you’re prone to human error, longer recovery times, and revenue loss.

Putting up reliable cybersecurity measures can be challenging without the right team in place. Consider working with managed IT service providers who have the skill set and experience to put the right tools in place to protect your business. They will do the monitoring on your behalf and seal all loopholes before an attack happens.