Colonial Pipeline Supply Chain Still Disrupted, Despite the Restart of Operations
If you’ve been watching news the past week, you’ve seen the latest ransomware attack. Colonial Pipeline, America’s largest pipeline, was its most recent victim.
CNBC states, Colonial Pipeline operates the country’s largest refined products pipeline and transports 2.5 million barrels per day, according to its website. It connects refineries from the U.S. Gulf Coast to more than 50 million people in the South and East.
In one of the most high-profile attacks on critical infrastructure in recent years, operations at the company were shut down on May 7 after a hacker group, now identified as DarkSide by the FBI, launched a ransomware attack against the organization in an attempt to extort millions of dollars.
Six days and $5 million dollars later, the pipeline is up and running, but widespread gas outages in the Southeast could linger for days. This is one of many detrimental side effects of a ransomware attack – money and time loss. Even after the attack has been resolved, business operations typically experience downtime following an attack.
How to Be Prepared for Ransomware
Ransomware requires a robust layered security approach. The concept behind a layered security strategy is ensuring your entire business is protected. Defenses must address people, process and technology in order to be effective.
Ransomware often requires human action to be successful. Employee training and awareness are the real keys to preventing common threats from crippling your business. It is critical for organizations of all sizes to educate their employees on cybersecurity best practices, particularly how to recognize and avoid suspicious links and attachments. Doing so has been shown to help reduce the number of successful attacks.
The do’s and don’ts of proper cybersecurity training:
✔ DO extend training to everyone in your organization – not just leaders or IT staff.
❌ DON’T default to videos and classroom-style sessions that aren’t engaging.
✔ DO experiment with simulated email attacks, drills and tests.
❌ DON’T attempt to teach everything in one session.
✔ DO prioritize topics like password security, threat response and device security in separate sessions.
❌ DON’T assume one session is enough. Training should be ongoing!
Technology alone cannot form a security defense strategy. Supporting processes and policies are the key to optimizing the benefits of the technologies in place.
- Security Policies
- 24/7 Security Logging and Monitoring
- Patching & Updating Software
- Data Backup Process
- Disaster Response Plan
In today’s world of hyper-connected networks, devices and users, there has never been more opportunity for hackers to breach your devices. Organizations must take a proactive approach to prioritize the safety and security of your devices to protect your most important assets.
- Deploy Virtual Private Network (VPN)
- Install Firewall & Antivirus Technologies
- Enforce Multi-factor Authentication (MFA)
- Implement 24/7 System Monitoring
- Encrypt Hard Drives
Having an effective cybersecurity strategy that covers all aspects of your business (people, process and technology) is vital to the continued success and reputation of your business. Our goal is to help you minimize cybersecurity risks and ensure business continuity no matter what threats may come your way. Let us help you build an integrated cybersecurity strategy tailored to your specific needs, ensuring your business is safe and secure.
One Partner. Complete Solutions. Better Results.
6 Tech Tips for Fall With today's technology, it seems everyone is always plugged in - every device must be Wi-Fi-enabled, emails come at all hours of the day and smartphones are a necessity for day-to-day tasks! Technology can make our lives easy and convenient,...
The 2021 Back-to-School Guide for Your Security & Sanity In many households, back-to-school looks chaotic this year (i.e. planning for a hybrid-learning approach, re-learning old routines for in-person schooling or strategizing how to combat burn-out for...
How To Prepare for Cyber-Liability Insurance Following up from the webinar, "Cyber Insurance 101: The Basics for Businesses", we thought it'd be beneficial to provide a guide to help businesses prepare for a cyber-liability insurance policy. Just as traditional...