Three Cyber Security Lessons from Colonial

The Colonial Pipeline ransomware attack was not an anomaly. It was not an isolated attack. It was not unique. It received a lot of attention because it threatened the entire east coast of the United States with a fuel shortage that would go down in history. The consequences of this attack were dire but, fortunately, not deadly. A new infiltration on JBS SA has put 20% of the United States beef production at risk. Fuel, food, transportation and other critical infrastructure are under attack. Future targets could be even more consequential and potentially deadly. What can organizations learn from analyzing this and other cyberattacks on critical infrastructure?


Present Versus Future Costs

The Washington Post reported that nearly 2,400 health care facilities, schools and government institutions were hit by ransomware attacks last year. The ransom is often paid in cryptocurrency. Chainalysis, a firm that tracks cryptocurrency payments, estimated that victims paid over US$400 million in 2020, a 400% increase from 2019. Colonial CEO Joseph Blount confirmed that the company paid US$4.4 million in ransom to the attackers.


The increasing number of ransomware attacks and the cost of paying demands have not been lost on companies that insure businesses against such losses. Insurance premiums have risen 50% since last year. Some companies are getting out of the cyberattack insurance business altogether, which will likely lead to even higher premiums in the future.


Finally, factor in the potential lost business due to a lengthy (or even short) shutdown. Both the short-term opportunity cost of immediately lost revenue and the long-term loss of business from customers who switch to competitors need to be considered.


Government Intervention

In the United States, the Department of Homeland Security (DHS) is currently planning to issue a new set of regulations targeting the energy sector as a result of the Colonial attack. Hearings are scheduled in Congress focusing on improving cybersecurity. Sector by sector, as attacks become bolder and more severe, legislative attention becomes more likely.


Regulatory management and compliance is an expensive business. There are direct costs such as regulatory applications and fees, as well as indirect costs for the internal staff assigned to managing the process. Staying out of the spotlight is far more efficient than becoming a regulatory target, and businesses that operate critical infrastructure are the most likely to have a bright light shone on any cyber breach. There is also legislative discussion about making the payment of a ransom illegal. This would put organizations between the rock of getting the business back up and running and the hard place of legal action if a ransom is paid.


We Can Do Better

The moral of this story is that cutting budget corners when it comes to cybersecurity is a fool’s game. The old adage, “do it right the first time”, rings true here. Develop a robust security strategy that includes multiple levels of attack prevention, monitoring, analytics and information protection.


It is critical to develop strong Intrusion Detection and Prevention as well as multi-level Data Loss Protection. Keep bad actors out and, if they do get in, do not let them reach business data. This practice requires a variety of specialized tools to monitor incoming traffic and to enforce strict credentials for access to stored company information.


Studies have determined that such programs can require as many as seven specialized tools on each monitored network link. This level of protection may seem out of reach even with an expanded security budget. However, picking the right tools, and the right way of connecting and managing them, can bring the goal of robust cyber security into the realm of feasibility.


Visibility Strategy for Business Continuity

Network Critical is a global innovator of visibility products that efficiently connect security tools allowing organizations to establish robust information protection within a realistic budget. Visibility is a critical component of security. Without monitoring and protection tools, networks are vulnerable to cyberattacks and acute damage to the business as a whole.