COLONIAL PIPELINE HACK SHOULD SERVE AS WARNING FOR ALL BUSINESSES
Ignoring cybersecurity can be costly
By Ken Michael
Last Friday, May 7, 2021, the Colonial Pipeline Company realized it had become the victim of a cyberattack. The company, which operates the 5,500-mile Colonial Pipeline system, transports roughly 45 percent of the gasoline and diesel fuel consumed by East Coast states from Houston all the way to New York. The cyberattack disrupted the company enough that it shut down its pipeline, causing widespread panic buying of gas as retailers began running out of fuel.
This latest hack should serve as a wake-up call to all business leaders, especially those in the energy and manufacturing industries as well as those involved with the defense industrial base (DIB). If bad actors can so easily penetrate an energy company, it likely wouldn’t be difficult for them to do the same with other companies, energy providers, and even the defense industry.
Such cyberattacks can spell real trouble for all of us, up to and including our national defense. That’s one of the main reasons the United States Department of Defense (DoD) has now implemented the Cybersecurity Maturity Model Certification (CMMC) program for any company or subcontractor doing business with the DoD. Our government has come to the realization that cybersecurity is a real issue and now the energy sector and other businesses should follow suit.
The Colonial Pipeline Hack
According to a report by the Wall Street Journal, representatives from Colonial Pipeline Company learned they had experienced a ransomware attack last Friday and “took certain systems offline to contain the threat, which temporarily halted all pipeline operations.”
Ransomware is a type of malicious software that seizes data from a computer system and encodes or deletes it. It is typically installed through a phishing email and email attachments. The cybercriminals responsible hold the data for ransom. If the organization under attack doesn’t pay the ransom within the given timeline, the hackers threaten to never return the data. If the company does pay the ransom, the attackers may or may not release the data back to the victim. It’s a crapshoot.
In this particular case, Bloomberg reported today that Colonial Pipeline paid the hackers responsible nearly $5 million in ransom. The United States Federal Bureau of Investigation (FBI) said the cybercriminals responsible in this case are from a group known as DarkSide located in Eastern Europe or Russia. The payment, made in cryptocurrency that is difficult to trace, occurred on Friday shortly after Colonial officials became aware of the attack. Once the hackers received payment, they provided the decrypting tool to restore Colonial Pipeline’s disabled computer network. Colonial got lucky.
While Colonial Pipeline Company was able to recover access to its computer systems and resumed fuel shipments at about 5 p.m. Eastern Standard Time yesterday, not all organizations who pay ransoms are so lucky. As a matter of fact, the FBI discourages businesses from forking over funds in ransomware cases. Not only do such large payments embolden hackers when it comes to committing future attacks, but not all organizations who pay the ransom regain access to their systems and data.
Ransomware an Ongoing Threat
Ransomware is nothing new. In the third quarter of 2020 alone, there were a total of 199.7 million ransomware attacks globally. The price of paying ransoms can be quite costly. There were ransomware attacks with demands of more than $40 million, according to a piece by Security Intelligence.
Additionally, no industry is safe from the ongoing threat of ransomware. From manufacturing to education and healthcare, all businesses are at risk of such cyberattacks. There is now, unfortunately, a lengthy history of companies from across the board being victimized.
In the case of the Colonial Pipeline Company this week, it leads us to ask why the company wouldn’t air gap its systems. Air gapping means letting your network and systems work together and communicate with one another while keeping them disconnected from the internet and other outside sources. Had the company implemented air gapping in its various systems, even a hack of one part of the network would not have led to even a temporary closure of the pipeline. Panic across the Eastern seaboard could easily have been avoided.
How to Battle Ransomware
There are many preventative measures every organization can take to stop ransomware regardless of industry. Start with the following cybersecurity basics:
Don’t Click It Until You Check: Never open suspicious emails or those from unknown sources. This is just as true for links within the emails or attachments. If a known source sends you an unexpected email with links or attachments, call them directly to ask if they emailed you before clicking on them. They may have been hacked.
Employ Scanning and Filtering Software: When it comes to email, using scanning and filtering software will aid in preventing ransomware attacks. Such software reduces the odds of ransomware even making it to the inbox of your employees in the first place.
Back It Up: Ensure you have backed up all data to an external hard drive that’s not connected to your computer. You can also back up data in the cloud so that you don’t get stuck paying a ransom should you get hacked.
Avoid Sharing Personal Information: Whether you receive a call, text, or email requesting personal information such as logins, passwords, or financial information, do not respond without verifying the source of the request first. The request may be coming from a cybercriminal.
Train Staff: Provide ongoing, regular training regarding cybersecurity threats such as ransomware to every employee. Such training should occur during onboarding and at least every six months thereafter. This will arm your employees with knowledge to help protect your organization and further reduce the odds of a ransomware attack.
While the Colonial Pipeline Company has suffered a serious blow over this very public attack, this incident should serve as a lesson for all businesses, whether in energy, defense, or other industries. Now is the time to take a long, hard look at your organization’s cybersecurity. Update your hardware and software, develop a cybersecurity plan, implement the latest programs to shore up your systems, have backups in place, limit access, and have a plan for when a cyber incident does occur. As cybersecurity and IT experts, Dox can tell you it’s not a matter of if, but of when.
For information about conducting a cybersecurity audit, securing your computer systems, and more, contact Dox now at (585) 473-7766. The call and initial consultation are free. We work with businesses of all sizes across the U.S. Ignoring the need for updated cybersecurity can be costly for any company.