SeedSpark Blogs | Technology Management & Digital Marketing in Charlotte, N.C.

3 Lessons Learned from the Colonial Pipeline Ransomware Attack

Written by Samuel Adams | 05/18/2021

Last week's ransomware attack on Colonial Pipeline, the operator of one of the largest fuel pipelines in the country, catapulted glaring cybersecurity issues into the public eye. Stretching from Pennsylvania to Texas, the pipeline provides a variety of fuel types to businesses and communities across 14 states and is the main source of jet fuel to some of the nation's largest airports. While the company has now returned to normal operations, analysts are digging into the details of how the attack happened, how to prevent future attacks, and how other business leaders can stay prepared.

How did the Colonial Pipeline ransomware attack happen?

The origin of the attack on Colonial Pipeline remains unknown, but there are many possible ways the hackers could have gained access to the company's data. Phishing emails have been on the rise for years, and a single reckless click by an employee can expose an entire database. Failing to keep software updated across an entire IT network can also leave a business open to hacking attempts and cyberattacks. Login credentials are also regularly leaked or sold online, giving anyone willing to pay for them a potential route in. Whatever the point of entry, hackers affiliated with the online cybercriminal group DarkSide successfully infiltrated the Colonial Pipeline network, holding operations hostage and demanding a reported $5M ransom be paid in cryptocurrency - which Colonial Pipeline ultimately paid. So, what lessons have been learned from the Colonial Pipeline ransomware attack?

Ransomware Attacks Aren't Going Away

Ransomware attacks have been on the rise for years around the world, including in our own backyard. Mecklenburg County, the home of one of the nation's fastest-growing fintech hubs, was targeted by a ransomware attack in 2017 that brought its operations to a screeching halt after an employee fell victim to a phishing email containing malware. Cognizant, Michigan State University, Honda, and more have all fallen victim to ransomware in the last 5 years.

The attack on Colonial Pipeline is one of many ransomware attacks, but it has catapulted the issue back into the limelight to show the devastating impact that a ransomware attack can have. Nick Merrill, a researcher with the Center for Long-Term Cybersecurity at UC Berkeley School of Information, shared his thoughts in an interview with CNN, saying "The first thing that comes to my mind is: Thank God this wasn't water."

Businesses of Any Size Are Vulnerable

When it comes to ransomware, people often assume that small businesses are the companies most vulnerable to attacks. While it's true that small businesses often have fewer cybersecurity measures in place, the reality is that businesses of any size are at risk. Even the smallest security slip can give attackers access to your network and its data. The way into Colonial Pipeline's network hasn't been disclosed, but hackers are more cunning than ever in crafting their attack strategies.

In late 2020, phishing emails regained their position as the top source of ransomware attacks, overtaking remote desktop protocol (RDP) as the leading threat to companies of all sizes. Datto reports that 1 in 5 SMBs have fallen victim to a ransomware attack, that 85 percent of MSPs name ransomware as the most common malware threat to SMBs, and that 15 percent report multiple ransomware attacks in a single day.

Always Have a Business Continuity and Disaster Recovery Plan

Every company, regardless of its size, should have a business continuity and disaster recovery (BCDR) plan in place for when a disaster does strike. The business continuity strategy keeps operations running throughout a disaster while a disaster recovery strategy helps plan a path forward. Colonial Pipeline's response to their cybersecurity breach was reactive, with the company hiring a third-party cybersecurity company to assess the damage that had been done and then develop a recovery strategy. The company was also hiring for multiple cybersecurity positions at the time of the attack, including one listing for a Cyber Security Manager that remains open - any takers?

While the company had basic cybersecurity measures in place, its failure to take a proactive approach to cybersecurity not only halted its operations for an entire week but also pushed the Southeast into the largest gas shortage in recent memory. With a proper BCDR plan, Colonial Pipeline could have had processes ready to launch a recovery from the moment a breach was detected.

While Colonial Pipeline's operations have now recovered and services have resumed, the cost of their cybersecurity breach goes well beyond the $5M in cryptocurrency paid to the attackers. Third-party assistance, company downtime, and lost revenue give just a small glimpse at the full financial impact that this attack has had on the company - not to mention the impact on its reputation and on the customers they serve. From small businesses to large corporations, this month's attack is a wake-up call for business owners who may not have a true cybersecurity plan in place.

With attacks coming from every angle, ensuring that your network is completely covered protects your business, your team, and your customers when disaster strikes. SeedSpark's Managed IT team provides reliable and secure technology solutions for small- to medium-sized businesses, proactively installing the latest updates, performing network penetration testing, and maintaining cloud storage solutions for your organization. Are you ready to take your team's cybersecurity to the next level?