What Canadian Companies Can Learn From The Colonial Pipeline Cyber Attack
Ransomware is one of the favourite weapons wielded by cybercriminals all over the world. Every year, millions of ransomware attacks disrupt the operations of numerous companies in North America and beyond.
The latest major ransomware attack occurred in May 2021, in the United States. It took down the largest gasoline pipeline — Colonial Pipeline, spiking fuel prices and causing nationwide panic.
Just like any cyberattack, this one could have been prevented with proper cybersecurity measures. Unfortunately, even the largest companies behind the critical infrastructure of the country leave loopholes that make them vulnerable to these attacks.
Let’s take a closer look at what Canadian companies can learn from the attack.
Colonial Pipeline Ransomware Attack: What Happened?
On May 7, 2021, Colonial Pipeline suffered a major ransomware attack. The attack interfered with the company’s billing system and forced the decision-makers to shut down the entire pipeline. While the operation programs weren’t affected, the shutdown was initiated to contain the attack.
The cybercriminals demanded a ransom of 75 Bitcoin, worth about US$4.4 million at the time of the attack. In exchange for the ransom, the criminals promised to send a program that could restore the billing system’s function. If the company failed to pay, the culprits threatened to release 100 GB of sensitive information they stole during the attack.
The fuel giant paid the ransom within several hours of the attack. However, the decryption software criminals sent in exchange for the money was excruciatingly slow. The company had to use its own backup for restoration.
Criminal: The FBI believes that the criminal group “DarkSide” is behind the attack. The group neither confirmed nor denied its involvement.
Impact: Due to Colonial Pipeline’s 5-day shutdown, fuel prices increased by 6 cents per gallon. Several states reported fuel shortages (in Washington, 80% of gas stations were without fuel). American Airlines had to adjust flight schedules.
Cost: Besides the US$4.4 million that the company paid as ransom, Colonial Pipeline will need to spend tens of millions of dollars to restore its systems completely. Additionally, it will need to rethink its cybersecurity measures.
Lesson #1: Pay Special Attention to Employee Education
While a major ransomware attack requires careful planning and significant resources, the easiest part of it is finding the entry point. In most cases, the malicious program enters the victim’s system through emailed attachments or malicious downloads.
The initial attack vector of the Colonial Pipeline attack is still unknown. However, the system was likely breached after an employee downloaded a malicious file or opened an email attachment.
Either way, the attack could have been prevented by proper employee education. No matter how complex the attack is, it can’t reach your company’s systems unless someone opens the door and lets it in.
To keep doors closed, it’s imperative to educate your employees about malicious programs.
Lesson #2: Rethink Your Cybersecurity Budget
Even if the malicious program enters your system, it’s possible to get rid of it before it causes significant problems. To proceed further, the malicious program must get past a firewall and other security barriers. The quality of these barriers depends on how thorough your security measures are.
Why weren’t Colonial Pipeline’s security systems in top shape? One of the key reasons is the price. Top-notch cybersecurity is expensive. For major companies, risks classified as “unlikely” call for minimal expenses. Most likely, the fuel giant viewed ransomware attacks as an unlikely risk.
With proper risk assessment, the company could have spent more time and money on cybersecurity, thus preventing the attack.
For smaller companies, cybersecurity isn’t as expensive as it is for national infrastructure giants. However, if you consider the cost of each attack, prevention has a huge ROI.
Lesson #3: Fortify Your Backup
During the Colonial Pipeline attack, cybercriminals didn’t just steal sensitive information. They encrypted essential data, the absence of which disrupted the company’s billing system. While it didn’t directly affect the company’s operations, this attack initiated a chain of events that led to a five-day shutdown.
Once the ransom was paid, the criminals provided software, which was supposed to decrypt the files and restore the system. However, the software was working slowly, so the company ended up using its own backup for restoration.
To make sure your company isn’t vulnerable to ransomware attacks that encrypt your files, you must have a high-quality offline backup.
Lesson #4: Design a Rapid Response Plan
When the Colonial Pipeline ransomware attack occurred, the company reacted quickly. Even though it led to some serious (and costly) consequences, Colonial Pipeline took its systems offline in order to contain the attack. The ransom was paid within hours.
While more details are yet to be released, the company seemed to have been acting according to a specific plan. It helped the fuel giant prevent the attack from spreading.
To make sure a ransomware attack doesn’t have disastrous consequences, a company must design an incident response plan. According to IBM’s Cost of a Data Breach 2020 report, companies without a proper response plan incurred costs of US$5.29M, while companies with a plan reduced these costs to US$3.29M.
Lesson #5: Be Ready for Attacks at All Times
Ransomware attacks are here to stay. Ten years ago, they targeted individuals. Today, schools, hospitals, companies responsible for critical infrastructure, and small businesses are targets as well.
The COVID-19 pandemic caused a spike in malicious attacks due to the majority of business operations moving online. That’s why it’s imperative to pay extra attention to cybersecurity.
Improving Cybersecurity in the Era of Ransomware Attacks
Colonial Pipeline didn’t just incur significant costs paying the ransom and restoring its systems. The company also took a serious reputational hit. Major industry players tend to have an easier time recovering from cybersecurity problems. For a small business, such an attack could be the end.
Top-notch cybersecurity is no longer an optional tactic. It’s a must-have strategy. With more and more ransomware attacks disrupting business operations in Canada, it’s imperative to rethink your approach to security measures.
If you’d like to ensure your company’s cybersecurity readiness, contact us to schedule a complete cybersecurity review. At 365 Technologies, we stay on top of the latest cyberattack prevention trends to keep your data safe.