Ransomware has once again made headlines, this time thanks to an attack on Colonial Pipeline. What lessons should you learn from this cybercrime event?

A ransomware attack against Colonial Pipeline has resulted in a widespread shortage of gas across the country. The encryption of the petroleum supplier’s systems forced them to shut down operations for a number of days, highlighting the vulnerability of critical US infrastructure to cybercrime attacks.

“This needs to be a wake-up call, but I worry ransomware has gotten to a point where many business leaders are just tuning it out,” says Chris Michalec, Founder, Parkway Tech. “What we never see are the massive cleanup costs associated with these attacks, nor the hundreds of other ransomware attacks that never make the news because they go unreported.”

It can be easy to ignore them most of the time, but in the fallout of an event like this, it’s important to ask yourself how it would play out if it happened to you and your business.

Do you really understand the inevitability of an attack like this on your organization?

Could you survive an attack like this?
 

Are you properly protected right now?

Take this opportunity to reevaluate your approach to cybersecurity, and learn the right lessons now — rather than in the fallout of an expensive and destructive attack.

8 Lessons To Be Learned From The Colonial Pipeline Ransomware Attack

1. No Target (News - Alert) Is Too Small

The fact is that only big-name cybercrime events make headlines. This can lead you to assume your business is simply too small to be a target — but that’s not the case.

“While Colonial is a large enterprise, these types of attacks are happening to middle market and small businesses all across the world,” says Holden Watne, Generation IX. “We recommend that our clients take the threat seriously.”

In almost half of all the cyber breaches that have occurred in recent years, a small business was the target. As reported in Verizon’s Data Breach Report and Forbes:

• 58% of all breaches in 2018 involved small businesses.
   
• 43% of all breaches involved small businesses in 2019.
   
• Ransomware attacks account for 24% of the malware incidents analyzed.

“The biggest takeaway is that it can happen to anyone and this is the new reality of the technology-driven world we live in,” says Ashu Singhal, Orion Network Solutions. “No company is too big or small for a ransomware attack. The dark web has enabled someone with even basic skills to quickly acquire ransomware code and start their own ransomware attack business.”

2. Ransomware Is About Disruption

“The Colonial Pipeline ransomware attack highlights what has become the greater risk from a ransomware attack, namely disabled IT infrastructure,” says Alexander Freund, 4it. “Ransomware was originally conceived as the primary tool for extorting money in exchange for encrypted data.  But more recently, ransomware has been used to disable an organization and its IT infrastructure from being able to operate, as is the case with the Colonial Pipeline attack.”

Despite what you may assume at first, cybercrime isn’t always theft. Cybercriminals generally aren’t interested in stealing your data or trying to gain access to proprietary information or financial accounts.

More often than not, it’s about disruption. Given how complex a business’ daily processes can be, and how much they depend on information systems, it’s easier for cybercriminals to simply try to disable your core systems and then extort money while you deal with crippling downtime.

In order to prevent disruption and limit downtime, you need a robust business continuity plan. Your plan should put forth policies and procedures regarding employee safety, business continuity, and contingencies that can be activated if your business’ facilities are damaged.

“A cyberattack doesn’t necessarily have to happen to the operational technology stack,” says Luis Alvarez, Alvarez Technology Group. “In this case, it happened to the IT network and yet they had to shut down, which shows that an attack on one system can disable an entire company despite the fact that they are not connected.”

3. Your Response Is Just As Important As Your Defense

“The overarching theme and recommendations from all folks in the cybersecurity space is that in addition to having a multi-layered defensive strategy you also need to plan for what happens after the attack and breach,” says Eric Schueler, HRCT. “If a sophisticated nation-state targets your business, they will likely succeed in breaching all of your security defense.”

What would happen if you were infected with ransomware right now?

Do you have a plan? Are your system endpoints protected? Are your backups recent, tested, and viable?

It’s a mistake to assume that just because you haven’t been hit by ransomware yet, that you won’t be anytime soon. That’s why, no matter how much you’ve invested in defensive measures, you need to also plan for the worst.

“What we all need to plan for is having the tools and processes in place so that we can be effective at the detection and response to the incident,” says Schueler.

4. Make No Assumptions About Your Cybersecurity

“The old strategy of building a strong perimeter and assuming everything inside the network is safe has become a recipe for disaster, especially as more and more employees are working remotely,” says Craig Beam, MicroXpress. “Instead, businesses today should be implementing zero-trust security policies.”

The zero-trust approach to cybercrime assumes that every aspect is a potential vulnerability until it can be confirmed otherwise. So, instead of simply investing in a strong firewall and antivirus, and assuming you’re protected, every part of your IT environment is assessed for its security.

“Zero-trust takes the opposite approach and denies everything by default unless it is approved or previously whitelisted,” says Beam. “It sounds cumbersome and complicated, but many new products have been designed to help.”

It’s important for business owners to understand that every potential part of their network is a target. Given the overall connected nature of the systems, comprising one part can give the cybercriminals control over the entire environment.

“It’s no longer just enough to protect your servers and workstations,” says Samantha Motz, Motz Technologies LLC. “Hackers can attack routers, firewalls, smart devices, and even printers! A good rule of thumb that nothing inside the network should be directly visible from outside the network.”

5. Don’t Underestimate The Role Your Staff Plays In Cybersecurity

“I see every day that employees click on attachments from someone they have never heard of, or click a link to enter their details in a website where they shouldn’t, “ says Michalec.

Did you know that more than 90% of cybersecurity incidents can be traced back to human error?

The fact is that what you (and your staff) don’t know could hurt you. If your staff isn’t up to date on the latest cybercrime scams, then they’re putting your data at risk, simple as that. The best cybersecurity technology and practices in the world can be undone by one staff member who doesn’t understand how to use them, or how to protect the data they work with.

The question is: can your staff spot a phishing email?

Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers. Phishing attacks are mass emails that request confidential information or credentials under pretenses, link to malicious websites, or include malware as an attachment.

With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data, or crucial information.

“Once again, a huge enterprise is hit through what was a small phishing email,” says Ilan Sredni, Palindrome Consulting. “Employee education plays an extremely important role in the security of your systems.  Although there are automated tools that can curve clicking on the wrong link or giving away credentials, there is no substitute for a well-trained employee.” 

6. Cybersecurity Is About What You Know

Perhaps more than anything else, effective cybersecurity is about what you know. When was the last time you had your cybersecurity audited? Do you understand the limits of your current cybersecurity defenses? It’s what you don’t know that will put you at the greatest risk.

“The key takeaway from this is just understanding how vulnerable everyone is and the risk is much higher than most people think,” says Troy Drever, Pure IT. “We would recommend a full security audit to show where the vulnerabilities are.”

No matter how much you’ve invested in your cybersecurity, you can’t just assume it’s effective enough to protect you against cybercriminals. A best practice for cybersecurity is to regularly test your measures to make sure they hold up in the event of an attack, and to identify any unseen vulnerabilities that are putting you at risk.

7. Convenience Has A Cost

“Advice to the client: if you are going to be lazy and want everything remote, you need to make sure you pay the price for the extra security you are going to need,” says Anthony Buonaspina, LI Tech Advisors.

Are you confident in your remote cybersecurity?

36% of organizations have dealt with a security incident due to an unsecured remote worker — it would make sense if you’re worried about your organization’s security right now.

According to Morphisec’s Work-from-Home Employee Cybersecurity Threat Index, 20% of workers said their IT team had not provided any tips as they shifted to working from home.

The fact is that greater security often means less convenience,  and vice versa. If your data is easy for you to access, it’s likely easy for cybercriminals to access too.
 

“If remote access is needed, it’s best to set up a VPN or virtual private connection to create a secure tunnel between your computer and the device you are trying to connect to,” says Motz.

8. Infrastructure Is Just As Valuable A Target As Data

“Cyber-attacks on our infrastructure and our way of life have been a concern for several years now and will continue to increase as the demand for resources, political power, military power, religious dominance, and technological and medical advances are constantly being fought over; it’s survival of the fittest,” says Alan Harrylal, Sr. Cybersecurity Engineer, Forthright Technology Partners.

Cybercriminals are learning that it’s far easier (and more effective) to target infrastructure instead of assets. Why bother trying to break into a company’s bank account when you can simply attack their ability to operate, and then extort them in the fallout?

Similar to the above lesson about disruption, it’s important to understand the damage cybercriminals can do by focusing on ancillary and lower-priority systems. The end effect is still the same — expensive downtime, destroyed reputations, and worse.

“There needs to be more emphasis on protecting critical infrastructure such as those that process and provide fuel, power, and other critical resources for life and economic survival,” says Harrylal.

How Can You Protect Your Business From Ransomware?

If reading about these ransomware attacks makes you wonder if your business is vulnerable to security breaches and cybercriminal attacks, then don’t wait until you are attacked to come up with a plan.

Learn these critical lessons and act now, before it’s too late to protect yourself. If you’re not sure where to begin, get in touch with an expert IT partner, like one of the many experts consulted in this article.