Is the Colonial Pipeline Attack a Signal of Things to Come?
As the dust continues to settle from the Colonial Pipeline ransomware attack, business professionals, politicians, pundits, and members of the public are wondering whether it’s just the tip of the proverbial iceberg. The May 7 attack is the largest on a piece of critical infrastructure in U.S. history to date, causing widespread disarray in multiple states. Despite initial speculation that it might be the work of a foreign government, the attack appears to be profit-driven. A cybercriminal group known as DarkSide has formally taken responsibility and disavowed political motives. But despite this admission, Colonial Pipeline does signal that even bolder and more sophisticated attacks are on the horizon. And businesses should not just be alarmed but should take the steps necessary to safeguard their infrastructure as well as identify and remediate any weaknesses.
What’s on the Horizon
In early reports on the attack, reporters seized on DarkSide’s ties to Russia, given that country’s rivalry with the U.S. Businesses, especially those that support critical infrastructure, must concern themselves with the possibility that nation-state actors may target them. Nation-state actors have also been tied to attempts to steal corporate intellectual property. With the Colonial Pipeline attack demonstrating how vulnerable an industrial company can be, specific businesses and sectors will remain in the crosshairs of foreign governments. And with daring attacks on businesses like Colonial Pipeline, entities like the San Francisco airport, University of California, and countless companies of all sizes, no business is safe.
Cybercrime is also rising. The Internet Crime Complaint Center (IC3)’s 2020 report shows 791,790 reported cyberattacks. That figure represents a 69 percent increase in reported cybercrimes over the previous year, fueled by new remote work vulnerabilities, effective pandemic-related phishing schemes, and massive governmental wealth transfers. As cybersecurity professionals have been proclaiming for years, cyberattacks from corporate and government sources have been growing in quantity and sophistication for quite some time. However, given prior year-over-year numbers, the pandemic has drastically accelerated the growth of cyberattacks. Keep in mind, these are just the numbers that have been reported. Many businesses delay reporting or don’t disclose attacks at all.
Post-pandemic, cyberattacks are likely to continue increasing. As businesses continue developing and pursuing IoT technologies and automation, they create more potential access points for attackers. Attackers have also been encouraged by the success of their ransomware and other cyber schemes. Often, they are located in foreign countries, making it difficult, if not impossible, to bring them to justice and recover a victim’s assets. Given that with relatively little effort, cybercriminals can usually walk away with a significant payday, businesses — even those that have already been targeted — should expect and plan for future attacks.
Many businesses, especially SMBs in low-profile industries, still have not prioritized cybersecurity, hoping their perceived obscurity will keep them from being targeted. Nothing could be further from the truth. In fact, in 2019 alone, 43 percent of cyberattacks were aimed at small businesses because they often have much weaker security measures in place. On average, these attacks cost small businesses $200,000 and have put many victims out of business. Yet despite these significant numbers, only 14 percent of small businesses were prepared to defend themselves.
Common Weaknesses, Glaring Vulnerabilities
The Colonial Pipeline attack exposed glaring weaknesses shared by many SMBs, including a lack of a dedicated cybersecurity manager, a deficit of employee cyberawareness, and poor network security measures. An IT audit of Colonial Pipeline from several years ago listed these and other deficits. While the company indicated it had implemented many of the auditor’s recommendations, there was no dedicated in-house cybersecurity manager at the time of the attack. Evidence points towards the successful use of a spearphishing attack, meaning an employee opened the door and let DarkSide walk right in. And, given poor segmentation between the company’s communications network and operational technology (OT) network, DarkSide was able to seize key operational assets.
Many SMBs are similarly ill-prepared for a cyber incident. Many rely on lean IT staff generalists and don’t have a single individual empowered to plan and make decisions regarding cybersecurity. Others rely on managed service providers (MSPs), but they may stop paying attention to cybersecurity once the contract is signed, assuming the MSP will handle everything. Not only should the SMB-MSP relationship be a collaborative and ongoing one to get the best cybersecurity results, but not all MSPs are created equal. Businesses should regularly exercise oversight over the MSP to ensure it is performing as per the contract.
Most businesses also struggle to educate employees about how to recognize cyber threats and deal with them effectively. While cybercriminals go to great lengths to convince employees that a phishing email or URL is authentic, there are usually signs that these schemes are fraudulent and contain requests that directly contradict a company’s internal policies. Nevertheless, employees continue to be duped into handing over access credentials and downloading malware onto their employer’s server.
Businesses cannot hold a one-hour webinar on cybersecurity each year and expect to develop a vigilant workforce. Instead, businesses must provide ongoing, interactive, and frequently updated training with knowledge checks, case studies, and practice exercises. Management should be driving a cybersecurity culture from the top down and incorporating cybersecurity goals into every manager’s performance goals.
And SMBs, whether reliant on in-house staff or MSPs, must make sure the appropriate network security measures are in place, including strong firewalls, up-to-date anti-virus and anti-malware applications, and software patches. Businesses must investigate anomalous activities proactively and continuously to identify and deal with intrusion attempts rather than waiting for an attack to happen. Without doing so, they remain at serious risk.
Are you a business owner or manager in San Jose or San Francisco Bay who is unsure about your business’ level of cybersecurity preparedness? V&C Solutions can help. With over a decade and a half of experience providing managed IT services and security solutions, we’re able to work with your team to conduct a complete cybersecurity review and audit. We’ll help you identify the kinds of technical and procedural weaknesses that leave your business ripe for attack and develop and implement the plans necessary to fix them. We know that effective cybersecurity requires round-the-clock vigilance, and we provide nonstop threat detection and response services as well. Learn more by contacting us today and seeing how we can help you safeguard your business.