Transporting nearly half of the East Coast’s fuel supplies, Colonial Pipeline suffered a cyberattack that halted its operations and caused a subsequent gas shortage. DarkSide reportedly attacked Colonial Pipeline with ransomware to steal and potentially release 100 gigabytes of data unless a $5 million ransom was paid. This method, known as double extortion, involves cybercriminals encrypting stolen data, making it inaccessible, and threatening to release the information.
Cybersecurity Lessons Learned from the Colonial Pipeline Breach
There are several cybersecurity takeaways from the Colonial Pipeline attack, including these important lessons:
1. Ransomware-as-a-Service (RaaS)
DarkSide’s ransomware operated as RaaS, meaning these cybercriminals subscribed to the tools to execute ransomware attacks. Previously, hackers needed coding expertise to be successful. However, through RaaS, unskilled and inexperienced users can carry out sophisticated attacks. RaaS empowers novice hackers by providing them with an easy-to-use system for deploying ransomware.
2. Double Extortion Impact
Double extortion increases the dangers of a ransomware attack. This technique goes beyond deleting data if a ransom goes unpaid; instead, cybercriminals threaten to leak the information. Colonial Pipeline did have access to backup data and could have wiped and restored their infrastructure without paying the ransom. The organization paid the ransom to prevent their data from being exposed.
3. Aging Infrastructure Risks
Old and obsolete operating systems may be easier for cybercriminals to infiltrate. By exploiting vulnerabilities in an outdated network, cybercriminals can gain access to sensitive data and hold it for ransom.
Preventive Measures
Your organization can take the following actions to help ensure that ransomware attacks do not compromise your operations and data:
Conduct a Security Risk Evaluation
Take time to identify which of your business’ critical systems and assets are most appealing to cybercriminals. This will provide you with a better idea of how to prioritize protection. Employing a cybersecurity professional to conduct a penetration test on your security system will provide the most thorough evaluation, including additional areas of weakness and risk you could be unaware of.
Keep Systems Up to Date
Update your business’ operating systems, applications and software regularly. Applying the latest updates improves systems, fixes problems and corrects any security issues discovered by developers.
Maintain Data Backups
The Multi-State Information Sharing and Analysis Center (MS-ISAC) reports that performing regular backups of important data is the most effective way to recover from a ransomware attack. Your organization should store all backups offline, out-of-band or in a cloud service so attackers cannot target them. You should also test your backups regularly for efficacy.
Train the Team
Some of the most damaging cyberattacks occur as a result of human error. Training your employees on the importance of cybersecurity and how to identify scams can help your organization reduce the likelihood of becoming a victim.
Install Antivirus Software
Antivirus software can protect your business against many cyber threats, including viruses, spyware, malware, Trojans, phishing attacks, rootkits and spam attacks.
If an attack occurs, you should have an incident response plan ready with defined roles and communications that can be shared during an attack. Organizations that are extremely cautious and plan proactively will best be able to minimize damage.
We’re Here to Help with Cybersecurity
For further information on the Colonial Pipeline breach or more tips on cybersecurity protection, connect with a member of our team.
© Copyright CBIZ, Inc. All rights reserved.