How can firms avoid another Colonial Pipeline ransomware incident?

It may not be legal to pay a ransomware demand in the U.S. soon, which will reduce organizations’ avenues for quick recovery of data.

Sailors on the watch-floor of the Navy Cyber Defense Operations Command monitor, analyze, detect and defensively respond to unauthorized activity within U.S. Navy information systems and computer networks. — U.S. Navy photo by Mass Communications Specialist 1st Class Corey Lewis/Released
In May 2021, one of the U.S.’s largest fuel pipelines, Colonial Pipeline, was forced to shut down due to a cyberattack. Behind the attack was a ransomware threat.

Ransomware is a type of malicious software cyber actors use to deny access or availability to systems or data. The cyber actor holds systems or data hostage until the ransom is paid.

Following the attack, Colonial Pipeline CEO Joseph Blount made the decision to pay the hackers the $4.4 million ransom in an attempt to quickly restore service after the attack threatened the entire East Coast supply. 

Was this the right thing to do? In the case of Colonial Pipeline, it is a big operation. The pipeline delivers nearly half the diesel and gasoline consumed on the East Coast of the U.S. In addition, the company provides jet fuel to major airports, many of which hold limited supplies on site.

It is increasingly common for firms to pay ransomware demands. A recent report looking at the U.S. found that many are paying attackers’ ransoms. This is occurring even though the consensus is that companies should never comply with attacker demands.

This also goes against U.S. government advice, where bodies like the FBI have reiterated that in no circumstances should individuals or businesses pay to regain access to information.

According to new analysis from Ric Longenecker, CISO at Open Systems, provided to Digital Journal, this is not good news as it gives cybercriminals more scope.

Longenecker opines: “Colonial Pipeline resorted to paying millions of dollars in ransom in an attempt to keep critical infrastructure afloat. In the short period of time since, there have been several other highly impactful events such as the Irish health system cyberattack.”

It is also important to note that, in the future, “it may not be legal to pay ransom, which will reduce organizations’ avenues for quick recovery of data,” according to Longenecker.

This means that boosting security now is the priority. Longenecker advises: “The bottom line is that most traditional in-house security programs don’t adequately address today’s risks.”

This means “it’s crucial for companies to enhance their security postures so they can continue focusing on what they’re good at while leaving cybersecurity to the experts. That is why many organizations today are relying on managed service providers (MSPs) that deliver dedicated analysts, operational AI and machine learning technology, effective detection and response, and the ability for teams to establish recovery plans so they’re ready to contain threats quickly in worst case scenarios.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
