The Colonial Pipeline, the largest pipeline system in the United States, runs along the country’s east coast and is considered critical for the economy since it supplies large quantities of petrol and other fuel types. In May, the company that operates the pipeline was the victim of a catastrophic ransomware attack, which essentially shut down the supply of fuel, causing financial loss and panic among the public. The company had to pay out $4.4 million in Bitcoin to the cybercriminal group Darkside to restore access, one of the largest ransomware-related ransoms paid to date.
During later investigations, it was revealed that Colonial Pipeline’s cybersecurity and ransomware protection, which was not much better than that of a typical consumer smartphone, was partly to blame for the incident.
The severity and seriousness of cyber-attacks, especially ransomware attacks, have been recognized by world governments. The formation of dedicated task forces and the millions of dollars spent on ransomware protection and other national cybersecurity measures have made news headlines this year.
However, businesses and organizations should be equally prepared to face cybersecurity threats in an increasingly hostile digital world. As in the case of Colonial Pipeline, businesses should not take ransomware protection and cybersecurity threats in general lightly.
Security measures that should be considered as basic ransomware protection
In a recent open letter, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, United States, while urging businesses to take preventive measures against critical cyber-attacks, said the following:
“The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”
The official communication also rightly noted that businesses that consider ransomware a threat to their core business operations fare far better than companies that only think of it as a data theft risk.
The communication lists several other important takeaways and best practices that apply to businesses in Canada and elsewhere, not just the United States:
- Multi-factor authentication: Since passwords can be easily compromised, businesses must rely on multi-factor authentication measures such as one-time authorization codes and dynamic passwords, among others.
- End-point detection: This is an important step in detecting and blocking potentially harmful activities in a network.
- Encryption: While it may not directly protect your system from malicious activities, it will keep any stolen data from being accessed by cybercriminals.
- Data backups: It’s critical that data backups and system images are created on a regular basis. It is just as important that these backups are kept offline and not connected to the primary network, because many ransomware strains will delete or encrypt backups, including those stored on drives connected to the same network.
- System updates and patches: A centralized patch management system, accompanied by a risk-based assessment strategy, should be used to drive your patch management program.
- Network segmentation: Since ransomware will infect and encrypt all the systems connected to the same network, maintaining different business operations on different networks can help reduce the impact of a ransomware attack by isolating it to a certain network alone. Restricting internet access to certain networks as much as possible can also help reduce the risks.
- Have a dedicated security team: Maintain a highly skilled and trained IT security team with the means and methods to effectively respond to and tackle security challenges.
- Test your incident response plan: To find any lapses or gaps in your response plan, carry out mock drills and work through key questions, then use the answers to strengthen the plan further. For instance, how would you carry out business operations, and for how long, with a partially compromised system or lost data?
- Have a third party assess your security infrastructure: Finally, hire a capable and trustworthy third-party security team to assess the strengths and weaknesses of your system and your ransomware protection measures through penetration testing. Penetration testing, also called pen testing, involves deliberately attempting a hack to uncover any potential vulnerabilities in your system or the applications you use, which cybercriminals could otherwise exploit. This gives you the edge over criminals by giving you knowledge about any possible “open doors,” which you can then patch.
Ransomware attacks are here to stay, and criminals will only develop more sophisticated malware to target organizations. For companies, the only means of safety is developing and maintaining a robust security apparatus to counter the attacks. PacketLabs is a Toronto-based penetration testing company that can be your ally in your fight against ransomware and other forms of cyber-attacks. For more information on how pen testing can make your organization more secure, write to us at email@example.com or request a free quote.