For Georgia, Virgina, the Carolinas and other states, it was Jimmy Carter revisited as long lines and price spikes awaited motorists at the gas pumps. Some stations as far south as St. Petersburg, Fla. ran out entirely, worrying travelers making plans for Memorial Day weekend.
We learned a few things from the Colonial Pipeline ransomware attack: fuel travels at 5 mph, and despite the FBI’s advisory against paying cybercriminals, Colonial’s vast 5,500-mile infrastructure for moving fuel couldn’t wait.
Although details from the company are scant, it allegedly paid 75 Bitcoin, or roughly $5 million, to the hackers to decrypt Colonial’s proprietary data. Actual pipelines were not physically damaged, but the company was forced to terminate fuel flows because its customer billing system was taken offline. This kind of national headline news is typical in my everyday life as CEO of Towerwall, where we help local companies with their security challenges. That criminals can commandeer access to a private network for illicit gain, encrypt the crown jewels, then threaten to sell or dump them on the dark web is sadly no longer newsworthy: this happens alarmingly all too often. Cybercrime markets have grown increasingly sophisticated. Ransomware-as-a-service kits are freely sold, complete with tech support. Our security partner Sophos found 51% of organizations surveyed were victims of ransomware, paying an average of $732,520 in total associated costs in downtime, people time, device cost, network cost, lost opportunity, and ransom paid.
Colonial has pipelines of a different sort pointing internally to its offices – all 869 of them – one for each employee, each representing a phishing target. Even with technology interventions installed, people still prove to be the weakest link in any defense posture. A Stanford study cites 88% of incidents caused by workers clicking on a phishing bait.
Help is available. A lot can be done to avoid becoming the next Colonial. Having cyber-insurance benefits not just in mitigation efforts but in prevention. Insurers are financially motivated to minimize their risk, so they will typically run a thorough assessment of your business to uncover weaknesses. Many security breaches happen via third-parties, so it’s everyone’s responsibility to monitor for updates.
Are ex-employees still on your system? Access needs to be restricted to authorized users, and everybody should use multi-factor authentication to access your network.
Use of 24/7 threat monitoring, detection and response services offer businesses a turnkey security approach. Combined with penetration testing and endpoint device monitoring, MDR services are designed to reduce the time it takes to detect and respond to threats, the most common being ransomware, phishing, and data theft.
Without a sizable IT department, small and midsized should consider outsourcing their cybersecurity needs to gain protection from business disruption. Detecting threats early is the best way to protect against cyberattack losses.
Michelle Drolet is CEO of Framingham cybersecurity services provider Towerwall.