What the Colonial Pipeline Attack Can Teach Small Businesses
Each year, cyberattacks and cybercrimes have been growing in both quantity and sophistication, costing businesses, governments, and individuals billions around the globe. As IT security professionals and law enforcement authorities scramble to keep pace, they often find themselves addressing the aftermath of cyber incidents that could have been easily prevented. Despite the increasing frequency and magnitude of these events, too many businesses still fail to implement the proper measures to safeguard their systems, making themselves easy targets for cybercriminals.
The ransomware attack on the Colonial Pipeline is illustrative of this trend. The recent attack on critical national infrastructure that provides gas to 45 percent of the Southeastern United States occurred as a result of the Colonial Pipeline Company’s significant cybersecurity vulnerabilities. While Colonial Pipeline earns hundreds of millions in revenue each year, businesses of all sizes and industries share the same vulnerabilities because they have not adequately prioritized cybersecurity.
The Colonial Pipeline Attack, In Brief
On May 7, a group known as DarkSide successfully breached Colonial Pipeline’s network through a spearphishing link. They sent emails that appeared legitimate to the company’s employees encouraging them to click on a link. Once an employee did, they inadvertently downloaded ransomware — a type of malware designed to encrypt key systems, after which criminals can demand a ransom for their release. Further, DarkSide stole 100 gigabytes worth of sensitive information, which they threatened to publish online if the company did not pay approximately $5 million.
Contrary to best practices, Colonial Pipeline did not appropriately segment their communications network from their operational technology (OT) network. As a result, DarkSide’s ransomware encrypted key operational assets at one of the company’s gas facilities. The company’s emergency response planning documents did not include a contingency for cyberattacks; however, key personnel, fearing their OT network had been or could be further compromised, shut down the pipeline.
In the aftermath, consumer panic buying led to fuel shortages and inflated prices in multiple states. The White House and state government officials issued emergency declarations, and politicians across the ideological spectrum called for further regulation. Though the company paid the ransom, they were forced to restore operations from backup data rather than decrypting their compromised systems. The service shutdown itself lasted six days, yet the consequences for the company and consumers have lasted considerably longer.
The New Reality of Ransomware Attacks
Unfortunately, ransomware attacks are not new and are growing in quantity and scope. Because they are often perpetrated by overseas actors, asset recovery is extremely challenging in most cases and impossible in others. Companies must work to prevent these attacks from occurring, as once a cybercriminal has gained access to your network, it’s too late to act. The Colonial Pipeline attack is a showcase of common IT security gaps, including:
- Failing to properly segment their communications network from their OT network.
- Having inadequate employee cybersecurity awareness training in place.
- Employing ineffective security measures to prevent suspicious downloads.
- Lacking a dedicated cybersecurity manager with the authority to effectively manage network security.
- Not having an emergency response plan that included contingency planning for cyberattacks.
These gaps are not only present at large companies. In fact, they may be more pervasive at small businesses, whose senior leaders may believe their firm is too small to provide an enticing target. However, even among those businesses that strive to take cybersecurity seriously, it is often deprioritized de facto, as:
- Overburdened in-house IT staff do not have adequate time to effectively secure their systems given other daily responsibilities.
- In-house generalists lack the expertise to properly safeguard their assets, as well as the time to develop the necessary proficiency.
- Budgetary constraints and organizational dynamics have impeded the firm from hiring a dedicated cybersecurity manager.
- Myopic management has limited the scope of emergency planning to include only a narrow set of emergencies.
- Employee cybersecurity awareness training has been inconsistent, ineffective, or both.
However, no matter the current state of your IT practices, Colonial Pipeline should serve as a warning about the immediate need to put sound cybersecurity practices in place. And in case other leaders on your team still believe that your company is too unimportant to be a target, consider:
- DarkSide specifically disavowed a political motive in their attack against Colonial Pipeline. In other words, they were in it for the money.
- A recent Accenture study found that small businesses make up 43 percent of cybercrime targets.
- Another recent study found that 71 percent of ransomware attacks target small businesses, given that cybercriminals know small businesses usually have fewer security measures in place than large companies.
What You Can and Must Do Now to Prepare
No matter whether you’re a rapidly scaling tech company in Silicon Valley or a scrappy Electric City start-up that’s just rented your first office, you must take immediate steps to safeguard your IT assets.
Update/Upgrade Your Security Measures
Make sure that your anti-malware and anti-virus programs are constantly updated with the latest versions. Also, make sure your IT staff are keeping current on new software patches and applying them to prevent criminals from exploiting vulnerabilities.
Develop an Effective Emergency Response and Backup Plan
Update any existing emergency plan by incorporating common cyber incidents that may occur. Clearly delineate roles and responsibilities so that your team can act quickly in case of an attack. Also, if you don’t already have one, develop a data backup and recovery plan that keeps copies of your data somewhere offsite and secure. If your network is ever compromised, regularly updated backups can help you resume operations quickly.
Utilize Access Controls to Mitigate Your Malware Risk
Companies don’t need to be specifically targeted to fall victim to ransomware. Often, an employee may download software that seems authentic but is, in fact, malicious. Safeguard your assets by restricting the ability of employees to download and run software on your network.
Train Your Employees
Cybercriminals often go to great lengths to dupe employees into believing that an email they have sent is from a legitimate source, or that the software they are downloading is authentic. However, employees who have been properly trained can often spot inconsistencies that help them flag these efforts as fraudulent. Hold regular training sessions with employees that include knowledge checks. Also, make sure to update the curriculum regularly, integrating the latest best practices and tips for recognizing cyber threats.
Managing IT security can be challenging even for experienced staff. And when you’re running a small business with everyone wearing multiple hats, your IT staff likely lack the time to properly secure your business. In fact, your IT department could be just one person, managing everything until you scale enough to hire more people. But you don’t need to wait to provide IT with the resources it requires to support and protect your business. When you partner with a managed services provider, you enjoy the benefits of a secure IT infrastructure that can be tailored to your business needs.
tech42, which works with Scranton and Wilkes-Barre area businesses, provides not only the infrastructure but also the IT services your business needs. You can free your IT staff from time-consuming, basic helpdesk duties, giving them time to safeguard your business and perform revenue-driving work. We keep on top of the latest security best practices and emerging threats and can help you develop and establish the internal policies and protocols needed to keep your business safe.
Looking to get started? Contact us today and take the first step towards securing your business.
Michael is the President and owner of tech42 LLC. He has more than 20 years of cross-discipline experience in the information technology industry, and has worked both as a network engineer and software developer. He is a passionate student of the interaction between technology and business and leveraging that knowledge to help tech42’s clients achieve both technology and business success.