What Canadian Companies Can Learn From The Colonial Pipeline Ransomware Attack

What Canadian Companies Can Learn From The Colonial Pipeline Ransomware Attack

The Colonial Pipeline Ransomware attack on May 7, 2021, is a reminder of the impact of cybersecurity crimes on everyday life. Is your business secure? 

With each passing day, the cybersecurity space becomes better for businesses. However, while technological improvements are beneficial for companies and institutions using internet-based services, they also expose companies to security risks. Cybercriminals are also growing more innovative and resilient, always finding new ways to access private information and systems. Unfortunately for Colonial Pipeline, on May 7, 2021, hackers found access and wreaked havoc.

The Colonial Pipeline Ransomware Attack

Colonial Pipeline, a major oil products distributor in the U.S., halted using a 5,500-mile pipeline network after a ransomware attack hit the company. The company, which distributes gasoline, jet fuel, and diesel between the U.S. Gulf Coast and the East Coast, shut off as a supply line that provides up to 45% of the East Coast’s fuel.

The hackers launched a ransomware attack against the corporation’s computer network. This means that the attackers held the victim’s data hostage until they paid a ransom. While the hackers did not directly attack the pipeline, the company admitted that it shut down the line as a precautionary measure. The company wanted to avoid further attacks on susceptible parts of the pipeline.

The company stated that they confirmed the ransomware attack on Friday and issued a statement on Saturday, May 8. Due to the gravity of the situation, the F.B.I., the Energy Department, and the White House combed into the matter. The incident highlights the vulnerabilities of old and infrastructural systems that are entirely or loosely connected to the internet. How susceptible are the systems?

The Cost of The Attack on Colonial Pipeline

Colonial Pipeline brought in FireEye, a cybersecurity company, to assist. The latest reports have now linked the crime to DarkSide, a hacker group. According to experts, the group sells ransom-as-a service and launches attacks by ransomware of sale to other groups. Elliptic, a blockchain analytic firm, found the group’s bitcoin wallet, which contained up to $90 million in bitcoin. However, the group shut down eventually after emptying the wallet. The payments were an accumulation of months of ransomware attacks on different victims.  Colonial Pipeline paid nearly $5 million in ransom to the attackers.

Although normal services resumed on Monday, May 10, many fuelling stations ran out of gasoline due to panic buying. Officials have assured all residents of adequate fuel supply.

Preventing and Responding To a Ransomware Attack

The attack on Colonial Pipeline is an opportunity for companies to scrutinize their security and vulnerabilities further. While Colonial Pipeline made the headlines because it’s a major corporation that provides essential services, smaller businesses also suffer at the hands of hackers. The cost of ransomware in 2021: A country-by-country analysis found around  4,257 ransomware attacks in Canada, at an estimated minimum cost of US$164,772,274 and a maximum of US$659,246,267. Can your business handle the financial implication of a cyber attack?

What’s more, a ransomware attack puts your information on hold until you can pay the ransom. If you have a backup, you can access it and use it to run operations until you can retrieve the information. However, an attacker can wait long enough until they have access to your backups, which renders you completely helpless.

It’s also crucial to remember how ransomware attacks are launched. In most cases, hackers spread ransomware through phishing emails, which unsuspecting employees use to access malicious attachments or infected websites. These attacks play on the user’s fear, and trick them into downloading or installing malicious software.

While you cannot prevent all types of breaches, you can take several measures to protect yourself.

• Businesses need an incidence response plan that prepares them for various levels of attacks. Having an incidence response team and protocol for a cyber attack can help you respond to a situation quickly to ensure business continuity. Robust and reliable backups are also crucial to protect business information.
• Employee training throughout the organization is crucial to reduce the occurrence of ransomware attacks. Anyone in the company can fall victim to a phishing scam. Continuous training and reminders are essential to keep everyone on high alert.
• Companies and businesses should update their authentication systems to limit access to critical information and servers. Authentication systems also provide access footprints, which companies can use to investigate incidents, especially when they happen from the inside. Usernames, passwords, and other authentication data such as biometrics are essential to bolster security.
• Businesses should hire external cybersecurity experts to improve their security. After the attack, Colonial Pipeline invited FireEye to assist. Hiring experts to scrutinize and update your cybersecurity is the best way to prepare for an attack.

If an attack happens, it’s equally important to hire cybersecurity experts to investigate your vulnerabilities and the source of the attack. You can then use the reports to issue patches and upgrade your systems accordingly.

• Continuous monitoring and real-time detection are crucial to preempt attacks or respond quickly to an attack. Colonial Pipeline realized that they had been compromised and shut down the pipeline to prevent further damage. Quick detection and response can help you avoid the escalation of an attack.
• Company policies should align with cybersecurity protocols. Care should be taken to prevent users from altering company systems or accessing company systems with unauthorized devices. Patches and updates should occur automatically to reduce reliance on manual operations by individual employees who can easily forget.
• Spending on cybersecurity is no longer an option for any business that hopes to survive in the future. Hackers are getting smarter and always finding ways to manipulate your vulnerabilities. Investing in your security is vital to mitigate the cost of an attack.

Conclusion

Your ability to prevent, detect, respond and mitigate attacks directly affects your chances of survival when an attack happens. Having a plan in place is the best way to protect your business assets and avoid costly financial implications on your business and customers.

EB Solution works with you to manage I.T. operations and improve cybersecurity. Our experts provide early detection of attacks, investigate and patch loopholes, and continually monitor your systems to prevent attacks. Contact us today to learn how you can secure your business.