Directive Blogs
The Real Lesson of the Colonial Pipeline Ransomware Attack
Most businesses are aware of the recent rash of ransomware attacks. Attacks have recently shut down gas flow to several states, meat processing plants, and even government agencies such as the MTA. However, what many businesses may not realize is that one thing could have prevented the pain, loss, and disruption from an attack like this: a solid backup solution.
Ransomware Shuts Down Fuel Pipeline, Meat Processing, and the MTA
As you are probably aware, Colonial Pipeline, a Georgia-based company claiming to be the largest petroleum pipeline in the US, suffered a ransomware attack. The attack forced the company to take some critical systems offline, affecting heating oil, gasoline, diesel, and even jet fuel distribution from Texas to New Jersey. Additionally, the company has admitted to paying $4.4 million in ransom to regain control of its systems. While the damage associated with the attack has been alleviated, there are several lessons to be learned… the most crucial being that cybercriminals are profiting from this sort of attack.
If they are profiting, they’ll continue to do it.
Recently JBS, the world's largest meat supplier, was also the victim of a cyberattack. Similar to Colonial Pipeline, JBS shut down their operations, resulting in their business coming to a halt. However, this is where the similarities end. Colonial kept the cyberattack information close to the chest, and the lack of information resulted in the panic buying of gas and the shortages we witnessed.
JBS employed a different tactic. In their case, they informed the government and the public of the attack, contacted cybersecurity experts, and most importantly, had reliable backups in place. This allowed the public to have some reassurance that their food supply would remain stable, and we didn't see the panic buying that we witnessed with the Colonial hack. Moreover, JBS was able to get their systems back online relatively quickly.
Finally, New York City's MTA (Metropolitan Transportation Authority) reported they were attacked. According to MTA officials, while there was an intrusion, the agency's multi-layered security system prevented unauthorized access to MTA's other internal systems, such as financial information. Additionally, following best practices, the agency continues to add more layers of protection.
If you haven’t heard as much about NYC’s MTA hack, that means they must be doing something right. Not only do business owners need to be proactive about cybersecurity, they also need to understand that a breach can lead to a lot of bad press. You don’t want to be known for letting your customer data get stolen.
Ensure You are Following Cybersecurity Best Practices
Ironically, Colonial Pipeline was looking to hire a cybersecurity expert before the hack occurred. So the question is, why didn’t they already have one in place? While one could excuse a mom-and-pop operation for not having a dedicated cybersecurity expert onsite, one can hardly excuse a multi-billion dollar organization that, as we have seen, is responsible for the energy needs of millions of people.
While some cybersecurity experts believe the Colonial Pipeline intrusion may have been due to unpatched software, attacks come to fruition because of the mismanagement of IT resources and a lack of training for the users. Unfortunately, it is not uncommon for larger, even enterprise-level organizations not to follow best practices due to inertia: “if that’s the way we always did things, why change?” Smaller businesses don’t usually get quite the same spotlight as larger organizations when it comes to cyberattacks, but it still happens regularly. This means that regardless of the size of your operation, you need to have your bases covered.
Train Your Team and Embrace Best Practices
By far, the most utilized method of installing ransomware on a system in 2021 is through phishing. Phishing is used to fool a team member into sharing their credentials or clicking on a compromised link, exposing your system to malicious software. This is why you must train your employees to recognize a phishing attempt and other social engineering attacks. The reality is, your team can and should be your greatest asset in preventing cyberattacks.
However, your team can’t do it alone; they need your support. The best way you can do so is by enacting and following best practices. Some of these practices include:
- Enforcing 2FA, because yes, 2FA is worth the trouble.
- Developing appropriate access privilege levels.
- Routinely monitoring and maintaining your software and hardware to ensure they are up to date.
Invest in a Backup and Recovery Solution
Colonial Pipeline had a backup and disaster recovery plan in place, and while we don’t know the details, they opted to pay the ransom to recover access to their data. However, their reliance on cybercriminals to restore access indicates a lack of confidence in recovering their data entirely from their backups. Ironically, Colonial Pipeline ultimately did revert to using their backups, as the recovery method provided by the cybercriminals didn’t provide the results Colonial Pipeline expected. It’s a very strange story that continues to unfold.
Serving as the primary tool for business continuity, a backup allows your business to continue to operate after a disaster, and make no mistake, a cybersecurity breach is a disaster. In a ransomware attack, your backup is the last line of defense for fighting back and getting back to work.
Don’t Pay the Ransom
We know it’s easier said than done, and we’re not making a judgment here. If your organization is on the brink of financial ruin, or you’re unable to provide the services your customers depend upon, paying the ransom may seem like the lesser of two evils. Unfortunately, there is no guarantee that you will regain access to your data if you pay the ransom. Additionally, it could be argued that ransomware attacks are on the rise because so many businesses pay the ransom and often attempt to keep the breach secret. In the long term, paying the ransom can make things more expensive.
One thing to keep in mind is that many states (NY has the SHIELD Act) require a business to disclose a data breach to its customers, including making financial reparations, or face severe economic consequences if it tries to hide it. This means even if you pay the ransom, you have a legal if not ethical responsibility to announce the breach.
Finally, criminality thrives on secrecy and operating without consequences. This dynamic encourages bad actors to continue to attack organizations because the rewards outweigh the risks. The best way to reduce ransomware attacks is to make it more difficult for attackers to access your data by embracing best practices.
It Can Be Too Late to Act
Unfortunately, with the rise of cyberattacks, taking a wait-and-see attitude is no longer a smart option. According to Ginni Rometty, IBM's chairman, president, and CEO, "Cybercrime is the greatest threat to every company in the world." Not just multi-billion-dollar companies, but every company, because every company depends on data to run their business. If you're a small to medium-sized business, 43% of all cyberattacks are directed at you. You can no longer be on the fence; now is the time to act and develop a cybersecurity plan. If you're not sure where to start, we can help.
Call 607.433.2200 today to schedule an appointment and learn more about our cybersecurity services and solutions. Cybersecurity must be a priority, and today's the day your business should focus on it.