Important takeaways from the Colonial Pipeline ransomware attack

Important takeaways from the Colonial Pipeline ransomware attack

Colonial Pipeline was hacked by the Eastern European cybercriminal gang DarkSide on May 7, 2021. The hackers encrypted Colonial Pipeline's data and demanded ransom in exchange for decryption This compelled Colonial Pipeline’s CEO to pay out over $4.4 million in Bitcoin a few days after the hack, despite the conventional belief that one should not give in to ransomware operators in hopes of retrieving data.

Ransomware is becoming such a crutch on business operations these days that everyone should take steps to mitigate them. Even small-scale Huntsville businesses have learned the implications of ransomware attacks the hard way. For example, Huntsville city schools were hit by ransomware in December 2020, leaving the Social Security numbers of teachers and staff vulnerable to theft and abuse.

It’s therefore important to learn from ransomware attacks of the past to improve security systems and data management processes. Here are some of key learnings from the Colonial Pipeline ransomware attack:

Online attacks can cause physical damages

First of all, ransom payouts are expensive. But while most security experts will advise against paying the ransom, that decision is much more complicated when considering the specific nature of the compromised data. Many companies give in to the ransomware operator’s demands out of the sheer sensitivity of the data lost, which can cost millions of dollars. This not only hurts the business’s financial health, but there’s also no guarantee that the data will be safely returned.

Aside from the expected financial losses to ransomware operators, your business operations can be significantly hampered by the attack. Cybersecurity experts often follow the incident response process PICERL to limit the damage and restore systems infiltrated by ransomware and other malware. PICERL stands for Preparation, Identification, Containment, Eradication, Recovery, and Lessons learned.

Containment is a critical step in the process, but it tends to bring operations to a screeching halt. Colonial Pipeline did not have enough redundancies in alternate locations, which prevented them from resuming operations while their main data repository was undergoing containment and eradication.

US national cyber defenses are in dire need of upgrades and updates

There are two main points of conversation regarding cyber protection in America:

    1. National cyber defense has gaps in authority

    As it stands, national cyber defense is split between the Department of Defense and Homeland Security. This leads to gaps in authority, meaning it can sometimes take time to establish jurisdiction and, subsequently, intervention. So in the event of a ransomware attack, it may take too long to identify which agency should provide assistance to the victim. By the time they figure it out, the attack will have already caused irreversible damage.

    2. Talent shortages lead to bad outsourcing

    Outsourcing your cyber defenses isn’t necessarily a bad thing, but less than judicious assessments of your external IT partner is a surefire recipe for disaster. For instance, the SolarWinds ransomware attack, one of the most devastating in history, happened in part because the company outsourced their software development to an Eastern European tech company. This left the company vulnerable to ransomware operators in the EU/Russia, many of which were found to be bankrolled by individuals with ties to other cybercriminals in the region.

    It’s important to note that talent shortages in your organization — particularly with regard to IT and cybersecurity — can be adequately solved by partnering with reputable managed services providers (MSP). It is for this reason that we at F1 Solutions put a lot of effort into collecting credentials and expertise. This way, we can prove to all our clients that they are receiving expert advice and services without having to expend too much resources on IT staffing.

This is why every company must have a proactive cybersecurity strategy. The negative impact of an attack against one organization can trickle down to more organizations.

IT MSPs can fill the gaps

IT MSPs are a popular solution these days. They can ensure your technology is keeping up with the demands of today’s business environment while still providing your organization’s specific needs. For instance, F1 Solutions’ Microsoft 365 service can address your business’ IT and tech needs, such as data management, collaborative productivity, and information security. Best of all, you’ll get top-notch, inside-out support from F1’s expert technicians.

Moreover, partnering with a local IT security provider ensures that your IT systems are maintained using tools and software that are readily available in your region. This is noteworthy because global software developers tend to include region-specific features in their software. Also, partnering with a local provider will ensure that they can be held accountable for any issues and that they are more likely to be transparent about the state of your network. They would also be more invested in bringing out the best in your business and other members of your community.

Make sure your information system is fully protected from ransomware and other malware. Our experts at F1 Solutions can provide you with a system check and advise you on how to defend your business. Contact us today to schedule your assessment.

Need help finding ways to reduce business costs? Our FREE eBook has the answer.Learn more here