2021-07-01

When Colonial Pipeline suffered its ransomware attack a few months ago, the company shut down the pipeline and paid a ransom of 75 Bitcoins valued at $5 million.

According to reports, a cybercriminal organization named Darkside was responsible for the attack. Colonial Pipeline paid the ransom in order to receive the decryption keys and speed up the recovery of its data, but the decryption process was so slow that the company ended up using its own backups to restore the systems. Although the specific attack vector will most likely never be published, since firms are not keen on revealing their cybersecurity weaknesses, it has been reported that the attackers stole nearly 100 gigabytes of data and threatened to release it on the internet if the ransom was not paid.

Darkside released a statement claiming that its goal was to "make money" and not to create problems for society. Nonetheless, the pipeline shutdown created fuel shortages, causing airlines to change flight schedules and consumers to fill their tanks frantically. The federal government and 17 states along the East Coast had to declare states of emergency.

President Biden told reporters, "I think we have to make a greater investment in education as it relates to being able to train and graduate more people proficient in cybersecurity."

While everyone can agree that all organizations need to rank the importance of cybersecurity equally with employee health and safety, the response to this attack must also include ongoing cybersecurity education for computer users. This training raises their awareness of the methods and types of attacks. The reality is that ransomware attackers' methods are generally unsophisticated, relying primarily on email phishing to get users to click a link or open an attachment.

Numerous firms provide cybersecurity awareness training that uses fully automated, simulated phishing attacks to determine each user's individual vulnerability. Specific training is then prescribed based on the social engineering techniques found to be that user's greatest weakness. These simulated attacks run continuously, with varied attacks distributed across the user base at random.

Fortunately, Colonial Pipeline had both backups to restore its data and cyber insurance to pay the ransom, which prevented the data from being published to the internet. According to cyber insurance firm Coalition, the average ransom demand shot up to more than $338,000 in the first half of 2020. If your firm provides services to the petrochemical industry and has a revenue of less than $50 million, then Coalition's data shows that a ransom for your data could be approximately $160,000.

Overall, every organization can do more regarding cybersecurity by prioritizing user security training, limiting users' ability to install applications on their systems, limiting which applications can execute on the network at all, and using storage controls that allow only the primary application to modify an existing file. (For example, only Excel can modify an Excel file.) Even so, organizations must protect themselves with a healthy dose of cyber insurance. Cyber insurance doesn't just pay the ransom; it can also cover data destruction, data recreation, extortion and theft. Other cyber insurance benefits may include funds for security audits; post-incident public relations; legal, forensic and investigative expenses; or reward money. Of course, the coverage specifics, including policy limits and deductibles, will be unique to each organization according to its risk tolerance, regulatory compliance obligations, and other factors determined by the policy and the organization's needs.

As stated in my previous articles, no computer system can be made 100-percent safe unless it is physically inaccessible, has no connectivity and has no electricity. If a human being uses the computer system, it can be compromised. The greatest threat to infrastructure will continue to be the users of the system. If you have decision-making or policy-shaping authority in your organization, be realistic and acknowledge that no organization can ever be 100-percent protected. Take the necessary steps to improve awareness and harden your systems, and buy cyber insurance today.