Colonial Pipeline, one of the largest fuel pipelines in the U.S., stood largely paralyzed for many days after a ransomware cyberattack forced the temporary shutdown of all operations.
Colonial Pipeline is owned by Royal Dutch Shell, Koch Industries and several foreign and domestic investment firms, and it plays a critical role in the U.S. power network.
The incident highlights the rising threat of ransomware incidents and the ongoing threat to the nation’s aging critical infrastructure.
Looking at the issue from the perspective of improving business resilience is Troy Gill, Manager of Security Research at Zix. Gill explains to Digital Journal the types of strategies that companies need to develop.
Gill begins by assessing the insidious nature of ransomware: “The recent attack on the Colonial Pipeline highlights the risk ransomware can pose not only to businesses but to critical national industrial infrastructure. The attack also showcases that the trend of ‘ransomware as a service’ is prolific in today’s world, in addition to seeing the growing trend of more joint involvement from both private companies and government agencies to help halt the impact as quickly as possible.”
To address these serious concerns, state action is needed, as Gill explains: “Similar to the FBI stepping in and removing Microsoft Exchange web shells to help safeguard organizations, I believe this involvement by the FBI and other government agencies has become critical to assist and prevent further damage with the Colonial Pipeline attack.”
Gill sees the changes that have taken place during the pandemic as making systems relatively more vulnerable. With this, Gill explains: “Many believe that this attack was a result of more engineers remotely accessing control systems for the pipeline from home using remote desktop software such as TeamViewer and Microsoft Remote Desktop.”
The consequence of this, says Gill, is that: “The pandemic forces more employees to work from home and, unfortunately, many organizations are still trying to secure their devices, remote access points, and overall networks. There is no excuse for organizations not to enforce and implement two-factor authentication (2FA) or a multi-layered authentication (MFA) protection approach.”
Gill also suggests that companies:
1. Identify and isolate/mitigate the threat, eliminate it as appropriate and confirm elimination,
2. Deploy regular security audits to identify vulnerabilities and suspicious user behavior, and
3. Ensure business-critical data is being backed up accurately and regularly.
Gill ends his discussion with Digital Journal with a warning: “It is never recommended to pay ransoms, as you have no real guarantee that the attackers will cease the attack, nor is it certain they will provide you with the decryption keys. It is your company’s responsibility to have the best proactive and reactive security measures in place so that when faced with a cybersecurity breach, you can reduce the recovery time and restore business quickly.”