It’s been a month since an employee at Colonial Pipeline saw a ransom note on a control-room computer. And it’s been almost three weeks since pipeline service resumed. Hack after hack — are there any lessons to be learned from these incidents? We think that, yes, if you’re interested in taking cybersecurity seriously, there are. Here are four takeaways:
Colonial Pipeline had a good offense – but what you really need is a good defense
Colonial Pipeline is worth about $8 billion dollars. It is critical to the U.S, supplying almost half the total oil on the East Coast. Because of the hack, there were multiple state of emergency declarations and media went abuzz at runs on gas stations. The White House issued a statement and worked closely with Colonial to help them recover from the ransomware as soon as possible.
They had every resource available to them.
It still took five days to get them back up.
Your business? Doesn’t have that much on the line in terms of national importance. You don’t have limitless financial resources, and the federal government is not going to help you if you go down.
You need to think smarter before something like this happens. Because this hack, despite all the fuss, is as close as you can get to a best-case scenario.
Colonial Pipeline had all the makings of the best offense one could ever want. And it was still a disaster. Cybersecurity is one of those things where the best offense truly is a good defense, and not the other way around.
Business continuity should fit your needs
Colonial Pipeline had backups. But they felt like the restoration process was taking too long. They chose to pay almost $5 million dollars in ransom in exchange for a decryption tool — but the decryption tool was so slow that they continued to use the backups they already had.
Remember what we just said about needing to think smarter? In the case of ransomware, you should already know (approximately) how long it will take to restore your systems. (And if you don’t, ask your IT provider.) Restoring a system may take some time, but your business continuity plan should be planned around offering you the best solution to fit your needs.
And do not let Colonial’s five-day restoration scare you into thinking business continuity is useless. Datto, a security solutions provider, reported that 4 in 5 MSPs (Managed Service Providers) report that victimized clients with business continuity in place recovered from the attack in 24 hours or less.
Don’t pay the ransom like Colonial Pipeline
Joseph Blount, CEO of Colonial Pipeline, said the decision to pay the ransom was “controversial,” but “it was the right thing to do for my country.” Was it, though?
Let’s set aside the fact that they ended up not using the decryption tool because it was too slow.
It’s known that paying hackers encourages more ransom attempts. If nobody paid, ransomware hackers would go out of business. DarkSide’s Bitcoin wallet shows they’ve done very well, collecting over $90 million in the last eight months.
In the past week (as of writing) we’ve seen reports of attacks on the world’s largest meat producer, a ferry service in Massachusetts, and the MTA in New York. These are not slowing down.
While big names make headlines, we’ve seen that many hackers target smaller organizations. With less risk and security, they can successfully hit many smaller businesses at the same time while another hacker takes down one big business.
This is an issue that affects everyone, not just Colonial and not just massive companies. The more ransoms are paid, the more harm is done to businesses and organizations across the world who suffer the fallout.
Cyber insurance got your back? Not so fast
“Ok,” some of you might think, “Paying the ransom might be bad on a global level, but I have cyber insurance. So, it’s not really coming out of my pocket. Why should I care?”
The massive increase in cyberattacks might make cyber insurance a much more costly expense. PwC expects global cyber insurance premiums to increase from around $2.5 billion today to $7.5 billion by the end of the decade.
Having the choice to pay for ransomware coverage might not even be possible in the future. AXA Group just became the first major cybersecurity provider to drop ransomware payments as a coverage option (in France). Ransomware payments are getting too expensive, happening too often, and are under too much scrutiny by various governmental entities.
Colonial Pipeline hack: the bottom line
Ransomware attempts are only increasing. They’re hitting everyone, from high-profile targets to small businesses across the country. And it’s nearly impossible to get back up and running quickly if you don’t have a plan beforehand. Protecting yourself and your business starts with a strong business continuity plan, to plan for the worst before it happens.
If you’re interested in learning more about how Integris can help you create a business continuity plan, we’d love to learn more about your needs and your organization. Reach out today to start the process
