What Businesses Can Learn from the Colonial Pipeline Ransomware Attack
As Colonial Pipeline returns online after a several-day outage resulting from a cyberattack that instigated a nationwide gas price surge and multiple states to experience shortages, business leaders across industries are left questioning their cybersecurity practices. There is no single solution to prevent a ransomware attack like the one on the largest refined oil pipeline in the U.S., but that doesn’t mean that preventative cybersecurity measures should be put on the back burner.
Stay one step ahead of hackers with informed security awareness
Ransomware attacks have surged by over 80% in the last few years and a minimum of $18 billion was paid in ransoms alone, while the price of downtime added billions more in costs1. Expert studies show that the most common attack vector for ransomware is email, with infection occurring from a user unknowingly clicking on a malicious link or attachment2. At a minimum, the malware locks the company out of their own systems until a ransom is paid; then the hacker provides a “key” to the victim so they may regain access to their file and resume operations. However, double extortion and even triple extortion strategies are common these days. This is where the threat actors will exfiltrate the data before encryption, and then threaten to leak the company’s stolen data, or the data of their customers, unless their demands are met.
The first step to preventing ransomware attacks is educating yourself and your employees of the latest tricks that hackers use to infiltrate your network. Security awareness training companies, such as KnowBe4, go above and beyond a stale slideshow and create simulated ransomware and other common attacks on your employees, leaving your workforce more confident to spot a phishing email or domain spoof before they have a chance to permeate your workplace.
Properly managed security is vital to ensure protection
Configuring security measures such as firewalls are just the first steps in staying protected against cyberattacks. As time goes on though, and users adjust permissions, install new software, or open new ports, for example, gaps in the management and maintenance of security systems leave a once-secure system newly exposed to hackers. Solutions like VPLS’s managed security services protect companies all the way from the cloud to the endpoint, relieving business owners of the burden of staying compliant with patching policies and standard configurations, and ultimately ensuring the security measures put in place stay secure over time.
Secure distributed environments
Companies of all sizes across all industries are at potential risk of a ransomware attack.
Is your business prepared to protect itself from sophisticated threats? Check out VPLS’s How to Prevent Ransomware—A Technical Checklist.
- Emsisoft, Report: The cost of ransomware in 2020. A country-by-country analysis, February 2020
- Sophos, The State of Ransomware 2020, Whitepaper, May 2020
Read More from this Author