Is your organization taking cybersecurity seriously enough? Because the attack on the Colonial Pipeline clearly highlighted the real-world consequences of not doing so. Today we’re giving a brief rundown of what transpired to make sure everyone is caught up.
The Colonial Pipeline Ransom
On Friday, May 7, 2021, Colonial Pipeline said that a cyberattack forced the company to proactively close down operations and freeze IT systems. This measure “temporarily halted all pipeline operations” and cybersecurity firm FireEye, which operates the Mandiant cyberforensics team, was reportedly pulled in to assist. That’s 5,500 miles of pipeline, which carries 45% of the east coast’s fuel supplies. As a result, gas stations along the coast were near or at empty, with drivers scrambling for as much as they could find. Ultimately, Colonial Pipeline paid the ransom, and $4.4 million went directly to the criminals.
The shutdown of such a vital pipeline highlights the extreme vulnerability of aging infrastructure that has been connected — directly or indirectly — to the internet.
Ransomware Is Getting Worse.
In recent months, the frequency and sophistication of ransomware attacks has soared. Virtually no industry has been left untouched. Recent victims are as varied as the District of Columbia police department, hospitals treating coronavirus patients and smaller companies who frequently try to hide the attacks out of embarrassment that their systems were breached.
Hospitals, of course, make good targets for ransomware, because victims are more likely to pay the ransom as quickly as possible given the literal life or death consequences of any delay in accessing their systems. A 2017 ransomware attack on the UK’s National Health Service cost tens of millions of dollars, and nearly 20,000 patient appointments had to be canceled while the system was offline, compromising their care. And especially since the beginning of the COVID-19 pandemic, the frequency of attacks on hospitals in the United States and around the world has increased exponentially.
Protect Yourself. Listen to (and Follow) the CISA Advisories.
In January 2021, CISA unveiled the Reduce the Risk of Ransomware Campaign to raise awareness and instigate actions to combat this ongoing and evolving threat. The campaign is a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate ransomware risk. These resources are designed to help individuals and organizations prevent attacks that can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. CISA also encourages you to take a look at some of the other resources made available by their interagency partners — namely NIST at the Department of Commerce, as well as the National Cyber Investigative Joint Task Force.
Seriously, if you’ve been putting off cybersecurity for whatever reasons you believe make it either unnecessary or untenable — whether it’s your company budget, time, manpower, or any other resource — you need to reevaluate your position on the matter. The stakes are way too high now. Let us help you.
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!