Connect with us

Hi, what are you looking for?

Business

Cyber-aware: It doesn’t matter if you’re a small business or enterprise, you are a target

Hackers are lazy but efficient. They’re fans of targeting the weakest link.

Hacks have increased through the pandemic and the war in Ukraine. — © AFP/File Noel Celis
Hacks have increased through the pandemic and the war in Ukraine. — © AFP/File Noel Celis

Cyberattacks, especially ransomware, continue to pose a threat to businesses. The most serious of these in recent years was the attack that brought down a major energy supplier in the U.S. – Colonial Pipeline. At the time of the attack, millions of people across the U.S. were lining their cars up at gas stations to fuel up while they could.

To understand the key lessons learned from the attack, Digital Journal caught up with Huntress’ VP of Threat Operations, Roger Koehler. The subject matter expert outlines three key lessons to be learned in the year since the Colonial Pipeline attack.

Such actions are necessary not only for the here and now, they also carry major financial implications. For instance, in the wake of the anniversary, the Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a nearly $1 million fine against Colonial Pipeline Company for control room management failures.

According to PHMSA: “The 2021 Colonial Pipeline incident reminds us all that meeting regulatory standards designed to mitigate risk to the public is an imperative…PHMSA holds companies accountable for violations and aims to prevent any instances of non-compliance.”

The ramifications from this fine will have an impact on other critical infrastructure companies, says Koehler. This should help to dive firms to further invest in cybersecurity measures that protect the most vulnerable systems.

With the three issues:

It doesn’t matter if you’re a small business or enterprise. You are a target.

According to Koehler: “Whether you operate a meat factory, a university or a small business, you are a potential target. Sometimes, an attack is just a crime of opportunity, much like we saw with log4j, where attackers were scanning and hacking any vulnerable devices they found. Other times, attacks are targeted, as we saw with VMware Horizon. Point is, no one is immune–not even a gas pipeline.”

Attackers will find (and exploit) the weakest link.

Koehler says it is important to avoid sending out the wrong signals to cybercriminals, noting: “Hackers are lazy but efficient. They’re fans of targeting the weakest link. Sure, they could consistently go after an organization’s most critical assets (such as their servers), but why go through all that hassle when there’s a much easier route to gain entry?”

Attackers are agile. Defenders need to be, too.

Know your enemy and take their strongest parts, advises Koehler. He recommends: “Defenders can’t just keep pace with today’s hackers. We have to think ahead, continue to upskill and question to improve the status quo. We have to be on the lookout for new threats and actively learn how to combat them. That also means we should pressure our vendors to keep their products up to speed to combat not today’s but tomorrow’s threats.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

The latest negotiations over European Union tariffs on Chinese electric vehicles ended in Brussels with "major differences" remaining.

Social Media

TikTok teams identified harmful effects of its platform on young users but limited preventive measures so as to avoid a drop in traffic.

Entertainment

Broadway performer Chilina Kennedy ("Beautiful") chatted about being a part of "The Great Gatsby" and her new album "Wild About You."

Social Media

You can’t just tell kids not to use screens. Screens are unavoidable. Stress can be avoided.