The news angles and repercussions of the Colonial Pipeline hack just keep multiplying. It’s a story that serves to emphasize that a data breach bringing down a database or website is one thing – but crashing key infrastructure is quite another.
No ransomware attack has captured the imagination of the public like the Colonial Pipeline debacle. Millions paid in ransom, long lines at gas stations, soaring prices, federal government dallying, even a public explanation from CEO Joseph Blount as to why the company paid the ransom – this one has so many avenues to explore.
Investigators are delving into the exact causes. Whatever the specifics in the Colonial Pipeline hack, the contributing factors are unlikely to fall outside of these familiar vulnerabilities, each of which CIOs need to pay close attention to.
Phishing
Problem: All it takes is one gullible employee clicking on a malicious email link or attachment and the bad guys are inside. And while most know not to click open the email from the overseas banker who needs your help repatriating millions in krugerrands, phishing at the enterprise level still works.
Solution: Invest heavily in security awareness training to teach employees how to avoid being hoodwinked by social engineering ploys. All the security technology in the world and the best IT team in the universe can be utterly defeated by one inattentive staffer.
Backups
Problem: In the event of a ransomware attack, it is vital to have a clean backup to hand so you can get affected systems back up and running rapidly.
Solution: As well as good backup software, ensure you have the capability to test backups regularly and to scan them to make sure they don’t contain ransomware.
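The two checks the Backups section asks for, testing a backup and scanning it for ransomware, can be scripted against a backup set on disk. The example below is added here and is not code from the article: it records a SHA-256 manifest when the backup is taken, then verifies that no file went missing or changed, and flags files that carry an extension typical of encrypting malware or whose contents are near-random (high entropy, which is what ciphertext looks like). The extension list, the entropy threshold, the directory layout and the file contents are all constructed for the demo.

```python
"""Added example (not from the article): verify a backup before relying on it.

  1. integrity  - every file still matches the SHA-256 manifest recorded when
                  the backup was taken; missing, altered and unexpected files
                  are reported;
  2. ransomware - files with an extension typical of encrypting malware, or
                  with near-random content (high entropy), are flagged.
Extensions, thresholds, paths and sample contents are constructed for this demo.
"""
import hashlib
import json
import math
import tempfile
from collections import Counter
from pathlib import Path

SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt"}  # hypothetical list
ENTROPY_THRESHOLD = 7.5   # bits per byte; text and office files sit far below this
SAMPLE_BYTES = 4096       # how much of each file is read for the entropy check


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means uniformly random (e.g. ciphertext)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def looks_encrypted(path: Path) -> bool:
    """Extension or entropy suggests the file has been encrypted by malware."""
    if path.suffix.lower() in SUSPECT_EXTENSIONS:
        return True
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    return len(head) >= 256 and shannon_entropy(head) > ENTROPY_THRESHOLD


def list_files(backup_root: Path) -> dict:
    return {p.relative_to(backup_root).as_posix(): p
            for p in backup_root.rglob("*") if p.is_file()}


def write_manifest(backup_root: Path, manifest_path: Path) -> None:
    """Record a hash per file at backup time; keep the manifest outside the set."""
    manifest = {rel: sha256_file(p) for rel, p in sorted(list_files(backup_root).items())}
    manifest_path.write_text(json.dumps(manifest, indent=2))


def verify_backup(backup_root: Path, manifest_path: Path) -> dict:
    """Compare the backup on disk with its manifest and scan for ransomware signs."""
    expected = json.loads(manifest_path.read_text())
    present = list_files(backup_root)
    report = {"missing": [], "modified": [], "unexpected": [], "suspicious": []}
    for rel, digest in expected.items():
        if rel not in present:
            report["missing"].append(rel)
        elif sha256_file(present[rel]) != digest:
            report["modified"].append(rel)
    for rel, path in present.items():
        if rel not in expected:
            report["unexpected"].append(rel)
        if looks_encrypted(path):
            report["suspicious"].append(rel)
    return {k: sorted(v) for k, v in report.items()}


def is_clean(report: dict) -> bool:
    return not any(report.values())


def run_demo() -> tuple:
    """Build a small backup set, verify it, then tamper with it as ransomware would."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        backup = root / "backup"
        (backup / "docs").mkdir(parents=True)
        (backup / "db").mkdir()
        (backup / "docs" / "report.txt").write_text("Quarterly throughput report\n" * 20)
        (backup / "db" / "dump.sql").write_text("INSERT INTO meters VALUES (1, 42.0);\n" * 10)
        manifest = root / "manifest.json"
        write_manifest(backup, manifest)
        clean = verify_backup(backup, manifest)

        # Simulated encryption: deterministic pseudo-random bytes replace the
        # report and the original is removed; the SQL dump is silently altered.
        noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
        (backup / "docs" / "report.txt.locked").write_bytes(noise)
        (backup / "docs" / "report.txt").unlink()
        with (backup / "db" / "dump.sql").open("a") as fh:
            fh.write("-- tampered\n")
        tampered = verify_backup(backup, manifest)
    return clean, tampered


if __name__ == "__main__":
    before, after = run_demo()
    print("clean backup:", "OK" if is_clean(before) else before)
    print("tampered backup:", after)
```

The manifest is deliberately stored outside the backup set: if it lived alongside the data, whatever encrypted the data could encrypt the manifest too. In practice the manifest itself would be signed or kept on the offline media discussed in the next section.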
Air Gaps
Problem: Any system that is online, such as a disk-based backup, is susceptible to attack. If bad actors get in there, they can lock you out and hold you to ransom. All the regular security measures can and should be used to thwart such attacks.
Solution: The only sure way is an air gap, a physical barrier that keeps the data offline and separated from the network. This can be achieved with modern tape archiving and backup systems that keep tapes offline yet, because they are automated, still make them accessible within minutes when needed.
Don’t pay the ransom
Problem: FBI directives make it clear that ransoms should not be paid, as paying encourages the criminals to continue attacking. Plus, those paying have no guarantee they will regain access, or that the bad guys haven’t retained some kind of backdoor or malicious code that allows them to attack again.
Solution: Unless the financial cost of being denied access makes the ransom demands seem like chickenfeed, don’t pay. And you have a stronger hand if you have implemented points 2 and 3 above, so that all or most of the data is available for relatively rapid recovery.
Segmentation
Problem: “One network to rule them all” is a bad idea. Period. One way to prevent ransomware from taking over enterprise resources is to segment the network internally. By doing so, malware can’t move freely from one infected machine to another.
Solution: Ask your IT department what they are doing about micro-segmentation. Insist they institute some form of granular segmentation within the IT infrastructure in order to limit the visible attack surface. Yes, one segment may become compromised and subject to ransomware. But the others will remain secure as they are walled off.
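Segmentation is only as good as the verification that traffic actually respects it. The example below is added here and is not code from the article: it expresses a segmentation policy as named address ranges plus an allow list of permitted cross-segment flows, then checks firewall or NetFlow-style records against that policy and reports every flow that crosses a boundary the policy does not permit, which is where lateral movement by ransomware shows up in the logs. The segment names, address ranges, ports, log format and log lines are all constructed for the demo.

```python
"""Added example (not from the article): spot flows that cross segment boundaries.

A segmentation policy is expressed as named address ranges plus an allow list of
(source segment, destination segment, destination port). Flow records are checked
against it; anything crossing segments outside the allow list is reported.
Segment names, address ranges, ports, log format and log lines are constructed.
"""
import ipaddress
import re

SEGMENTS = {
    "corp-users":  ipaddress.ip_network("10.10.0.0/16"),
    "app-servers": ipaddress.ip_network("10.20.0.0/16"),
    "backup":      ipaddress.ip_network("10.30.0.0/24"),
    "ot-control":  ipaddress.ip_network("10.40.0.0/16"),
}

# Cross-segment flows permitted by policy: (src segment, dst segment, dst port).
ALLOWED = {
    ("corp-users", "app-servers", 443),   # users reach the web tier
    ("app-servers", "backup", 22),        # app tier ships data to the backup host
}

# Constructed record format: "<timestamp> src=<ip> dst=<ip> dport=<n> proto=<name>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def segment_of(address: str):
    """Return the segment name containing the address, or None if unassigned."""
    ip = ipaddress.ip_address(address)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def classify_flow(line: str) -> dict:
    """Parse one flow record and decide whether the policy permits it."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return {"ts": None, "src": None, "dst": None, "dport": None,
                "src_seg": None, "dst_seg": None, "verdict": "unparsed", "line": line}
    src_seg, dst_seg = segment_of(m["src"]), segment_of(m["dst"])
    dport = int(m["dport"])
    if src_seg is None or dst_seg is None:
        verdict = "unknown-segment"   # an address nobody owns deserves a look
    elif src_seg == dst_seg:
        verdict = "allowed"           # intra-segment traffic is outside this policy
    elif (src_seg, dst_seg, dport) in ALLOWED:
        verdict = "allowed"
    else:
        verdict = "violation"
    return {"ts": m["ts"], "src": m["src"], "dst": m["dst"], "dport": dport,
            "src_seg": src_seg, "dst_seg": dst_seg, "verdict": verdict}


def find_violations(lines) -> list:
    """Return only the flows the policy does not permit, in log order."""
    return [f for f in map(classify_flow, lines) if f["verdict"] != "allowed"]


# Constructed flow records: a user workstation reaching into the OT segment and
# the backup host is the kind of boundary crossing segmentation exists to stop.
SAMPLE_FLOWS = [
    "2021-05-10T03:14:07Z src=10.10.4.21 dst=10.20.8.3 dport=443 proto=tcp",
    "2021-05-10T03:14:09Z src=10.10.4.21 dst=10.10.4.30 dport=445 proto=tcp",
    "2021-05-10T03:15:02Z src=10.10.4.21 dst=10.40.1.5 dport=445 proto=tcp",
    "2021-05-10T03:15:40Z src=10.10.4.21 dst=10.30.0.12 dport=3389 proto=tcp",
    "2021-05-10T03:16:11Z src=10.20.8.3 dst=10.30.0.12 dport=22 proto=tcp",
    "2021-05-10T03:16:30Z src=192.168.99.9 dst=10.20.8.3 dport=443 proto=tcp",
]

if __name__ == "__main__":
    for flow in find_violations(SAMPLE_FLOWS):
        print(f'{flow["ts"]} {flow["src"]} -> {flow["dst"]}:{flow["dport"]} '
              f'[{flow["src_seg"]} -> {flow["dst_seg"]}] {flow["verdict"]}')
```

The allow list is the policy the IT department should be able to hand over when asked about micro-segmentation; running observed flows through it is how to confirm that the segments are walled off in practice and not just on the diagram.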
Zero-trust security
Problem: Part of the problem is that one compromised user account may be enough for cybercriminals to enter the network. And if they gain admin privileges, it’s game over.
Solution: Implement zero-trust security frameworks and technologies as they enforce proper authorization and validation and limit access to applications, data, and networks. As part of this approach, all resources are micro-segmented so as to allow only the amount of access privileges absolutely needed. Many of the latest firewalls come with micro-segmentation and zero-trust features.
Digital transformation
Problem: Most companies have submitted to the allure of digital transformation. This basically updates all systems so that they can integrate fully, gets rid of old analog and legacy systems, and brings the world of operational technology (OT – essentially building systems, cooling, heating, mechanical systems, etc.) into the world of IT. The downside is that with everything connected, the bad guys can shut anything down – like a pipeline or a hospital.
Solution: Enforce multi-factor authentication, and data encryption at rest and in transit, as well as the implementation of zero trust security, better endpoint protection, and faster incident response. And adopt a cautious approach to digital transformation so that your digitization initiatives don’t run far ahead of the need to secure them.
Patches
Problem: Next to phishing, uninstalled patches are the biggest security hole in the enterprise. It’s shocking to note that urgent security patches from months ago are still not deployed in many enterprises.
Solution: Relieve the burden on IT by implementing automated and centralized patch management, and ideally turning the entire function over to a trusted vendor. The sad truth is that this function tends to get neglected as IT has other urgent priorities and firefights going on.
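Whether patching is done in-house or by a vendor, the CIO still needs a report showing how far behind the estate is. The example below is added here and is not code from the article: given the advisories a central patch service knows about (identifier, severity, release date) and the patches each host reports as installed, it computes, for a chosen report date, which hosts have missed the organisation’s patch window for each advisory, ordered worst first. The advisory identifiers, hostnames, dates and per-severity windows are all constructed for the demo.

```python
"""Added example (not from the article): a patch-backlog report for an inventory.

For each host, every advisory it has not installed is aged against its release
date; anything older than the window allowed for its severity is reported.
Advisory IDs, hostnames, dates and the windows themselves are constructed.
"""
from datetime import date

# Hypothetical patch windows: days allowed between release and installation.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90}

ADVISORIES = {
    "ADV-2021-001": {"severity": "critical", "released": date(2021, 1, 12)},
    "ADV-2021-014": {"severity": "high",     "released": date(2021, 3, 9)},
    "ADV-2021-020": {"severity": "medium",   "released": date(2021, 4, 13)},
    "ADV-2021-027": {"severity": "critical", "released": date(2021, 5, 4)},
}

# Constructed inventory: which advisories each host reports as installed.
INVENTORY = {
    "scada-hist-01": {"ADV-2021-001"},
    "web-01":        {"ADV-2021-001", "ADV-2021-014", "ADV-2021-020"},
    "fileserver-03": set(),
}

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


def missing_patches(installed, advisories=ADVISORIES) -> dict:
    """Advisories this host has not reported as installed."""
    return {aid: info for aid, info in advisories.items() if aid not in installed}


def overdue_report(inventory, as_of, advisories=ADVISORIES, sla=SLA_DAYS) -> list:
    """Rows of (host, advisory, severity, days past the window), worst first."""
    rows = []
    for host, installed in inventory.items():
        for aid, info in missing_patches(installed, advisories).items():
            age = (as_of - info["released"]).days
            overdue = age - sla[info["severity"]]
            if overdue > 0:
                rows.append((host, aid, info["severity"], overdue))
    # Critical before high before medium, then by how far past the window.
    rows.sort(key=lambda r: (SEVERITY_ORDER[r[2]], -r[3], r[0]))
    return rows


def compliance_summary(inventory, as_of) -> dict:
    """Headline numbers for the status report."""
    rows = overdue_report(inventory, as_of)
    return {
        "hosts_total": len(inventory),
        "hosts_overdue": len({r[0] for r in rows}),
        "critical_items": sum(1 for r in rows if r[2] == "critical"),
    }


if __name__ == "__main__":
    report_date = date(2021, 5, 10)   # constructed report date
    print(compliance_summary(INVENTORY, report_date))
    for host, aid, severity, days in overdue_report(INVENTORY, report_date):
        print(f"{host:15} {aid} {severity:9} {days:4d} days past window")
```

Run with different report dates to see the backlog move: a critical advisory released six days ago is inside its window today and outside it two days later, which is the argument for automating the function rather than leaving it to whoever has time.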
With breaches like the Colonial Pipeline hack making regular appearances in the headlines, CIOs have never been in a potentially stronger position to advance their companies’ security and infrastructure hardening goals. Zero-trust network access and segmentation might not close all the security gaps. But they’re certainly a good place to start.