A member of the Red Hacker Alliance in Dongguan, China in August 2020 monitors cyberattacks around the world. Hacks have increased through the pandemic and the war in Ukraine – © AFP/File Noel Celis
Cyberattacks, especially ransomware, continue to pose a threat to businesses. The most serious of these in recent years was the attack that brought down a major energy supplier in the U.S. – Colonial Pipeline. At the time of the attack, millions of people across the U.S. were lining their cars up at gas stations to fuel up while they could.
To understand the key lessons learned from the attack, Digital Journal caught up with Huntress’ VP of Threat Operations, Roger Koehler. The subject matter expert outlines three key lessons to be learned in the year since the Colonial Pipeline attack.
Such actions are necessary not only for the here and now; they also carry major financial implications. For instance, in the wake of the anniversary, the Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a nearly $1 million fine against Colonial Pipeline Company for control room management failures.
According to PHMSA: “The 2021 Colonial Pipeline incident reminds us all that meeting regulatory standards designed to mitigate risk to the public is an imperative…PHMSA holds companies accountable for violations and aims to prevent any instances of non-compliance.”
The ramifications from this fine will have an impact on other critical infrastructure companies, says Koehler. This should help to drive firms to further invest in cybersecurity measures that protect the most vulnerable systems.
The three lessons are:
It doesn’t matter if you’re a small business or enterprise. You are a target.
According to Koehler: “Whether you operate a meat factory, a university or a small business, you are a potential target. Sometimes, an attack is just a crime of opportunity, much like we saw with log4j, where attackers were scanning and hacking any vulnerable devices they found. Other times, attacks are targeted, as we saw with VMware Horizon. Point is, no one is immune–not even a gas pipeline.”
Attackers will find (and exploit) the weakest link.
Koehler says it is important to avoid sending out the wrong signals to cybercriminals, noting: “Hackers are lazy but efficient. They’re fans of targeting the weakest link. Sure, they could consistently go after an organization’s most critical assets (such as their servers), but why go through all that hassle when there’s a much easier route to gain entry?”
Attackers are agile. Defenders need to be, too.
Know your enemy and take their strongest parts, advises Koehler. He recommends: “Defenders can’t just keep pace with today’s hackers. We have to think ahead, continue to upskill and question to improve the status quo. We have to be on the lookout for new threats and actively learn how to combat them. That also means we should pressure our vendors to keep their products up to speed to combat not today’s but tomorrow’s threats.”