Despite the increase in massive cyber breaches since SolarWinds, insufficient security practices prevail. The recent Colonial Pipeline breach confirms that cybersecurity is no longer as simple as installing anti-virus software.
The series of cyber attacks seen in the last six months illustrates the constant, ever-evolving security risks organizations currently face. Regardless of their size, brand awareness, or data storage/cloud strategy, businesses must operate knowing that a breach is no longer a matter of if but when. In fact, given the rapid advancement of attacker tooling, the safest companies will be those that operate as if a breach could occur at any moment.
The rampant risk organizations face is no surprise, especially given the hastened move to remote work last year. In fact, most hackers penetrate businesses through Microsoft 365 email accounts, one of the most popular email services, and one whose use skyrocketed during the pandemic.
Keeping up with the constant news of attacks is near impossible, but the breach announced recently regarding Colonial Pipeline is being tagged as one of the largest in history. The oil pipeline company, based in Houston but distributing energy across the U.S., was targeted by the group DarkSide. The attack effectively disrupted energy distribution to various states, leading to fuel shortages on the East Coast, and eventually resulted in a $4.3 million ransom payment.
What is perhaps most deserving of attention in the incident is not what happened, but what could have happened. DarkSide was able to penetrate both the information technology (IT) and operational technology (OT) sides of Colonial’s network. That access gave them control of the systems that run the oil pipelines, referred to as SCADA (Supervisory Control and Data Acquisition). The SCADA environment manages the flow of the pipelines and determines the pressure pushing fluid through the pipes. Even accidental changes to SCADA have led to explosions and caused injuries and death. With control of SCADA, a malicious actor could certainly have impacted U.S. citizens far beyond their pockets.
COMMON MISCONCEPTION
Smaller organizations often cite the massive scale of companies like Colonial Pipeline as a reason they themselves don’t need to worry. In light of the breach, SMB energy organizations may be thinking “We don’t manage 45% of the nation’s oil distribution, why should we care?”
The answer: larger companies are not the only ones with valuable data and customers to protect. Additionally, since SMBs often lack proper cybersecurity measures, bad actors may find them an easy target. In fact, according to a report by Verizon, almost 30% of breaches in 2020 involved small businesses. Lastly, ransomware, the type of malware distributed through RaaS and used to penetrate Colonial Pipeline, is one of the malware threats most frequently cited by SMBs.
The lessons to be learned from the breach may vary from business to business, but a key takeaway is the need to focus on Ransomware-as-a-Service (RaaS). DarkSide is a private, Russian-based group that sells its ransomware tools and services, in a subscription-based model, to other attackers. While DarkSide itself claims to follow certain operating rules, such as never attacking hospitals or educational organizations, RaaS makes it easier than ever for malicious actors to use sophisticated and proven ransomware technology.
Large or small, every business can work to improve where Colonial failed. In this case, the cyberattack victim failed in at least three of four best practice areas:
Ready to secure your organization from threats like DarkSide? Speak with your IT advisor about implementing strategies and technology that align with the best practices outlined above. If you don’t have one, or need an extension of expertise, call us to help design and execute IT security solutions that will ensure you are prepared to prevent and respond to a breach.