May 7th 2022 marks the first anniversary of the Colonial Pipeline ransomware attack. The incident resulted from a single compromised password, and it took down the largest fuel pipeline in the U.S., resulting in shortages across the East Coast. It was the largest cyberattack on an oil infrastructure target.
Alon Nachmany, Field CISO of AppViewX, asks: considering where the industry is today, what have enterprises learned over the course of the past year? This question is pertinent considering that infrastructure hacks are on the rise. It is also useful, notes Nachmany, to ask what this marker can signal to executives.
Nachmany says there is still much work that needs to be done, as he explains to Digital Journal.
Nachmany says: “As we come to the year anniversary of the Colonial Pipeline ransomware attack, I can’t help but compare where we were then to now from a cybersecurity standpoint.”
Some progress has been made, says Nachmany: “The overall incident raised awareness of the massive vulnerabilities within our critical infrastructure, and how a minor attack has a tremendous impact on one of the most powerful nations.”
As an example of solid action being proposed, Nachmany states: “Within days of the attack, President Joe Biden signed an executive order to help strengthen the country’s cybersecurity, and the Department of Homeland Security issued much-needed cybersecurity regulations for all pipeline companies.”
Despite these best intentions, Nachmany ponders: “Have we really strengthened our cybersecurity posture? How have we better prepared ourselves?”
Answering his own reflective question, Nachmany states: “The simple answer is not much, and not really from a practical perspective.”
The reason, the analyst says, is the continued reliance on legacy technology and practices. By this he means: “User credentials like passwords are still used to keep critical infrastructure safe.”
The current global situation provides evidence of these vulnerabilities: “Amid looming Russian cyber threats and with ransomware like BlackCat popping up, it’s becoming more clear than ever that organizations have a false sense of security. Passwords aren’t enough. People forget them, and forget where they’re used.”
The mature response is to recognize these issues, says Nachmany. By way of example, he notes: “There are organizations starting to shift their priorities. In a recent Ponemon Institute report, we’ve found organizations are putting greater emphasis on managing and securing digital certificates (54 percent) versus human identities, such as usernames and passwords (46 percent), which they feel are less important.”
Yet more is to be done. Nachmany finds: “However, with five in 10 organizations confessing they had a security incident caused due to third-party negligence, it’s clear third-party risks are still threatening critical infrastructure. With hackers not going away anytime soon, I can’t urge this enough: think about security initially when working with any third-party provider. If we continue to think of it as an afterthought and keep current practices for keeping critical infrastructure safe, instances like SolarWinds and Colonial Pipeline will just be the beginning.”