As I write this, there is panic in the air over impending gas shortages and rising gas prices. With the summer travel season about to arrive, our oil and gas infrastructure is unstable.
All this mayhem and human worry was caused by a criminal syndicate, DarkSide. The ransomware group managed to pierce Colonial Pipeline's security infrastructure, causing a shutdown of fuel distribution to many states and industries along the East Coast. About 45% of the East Coast's fuel supply moves through the pipeline. The cybercriminals were also able to steal over 100 GB of data. That is a major concern in its own right: information may now be in the hands of the bad guys that helps them plot future attacks on the US energy sector. Disruptions like this cause panic and disorder, which is exactly what hostile states that want to rattle our economy and our people, and to disrupt our national defense, are looking for.
Ransomware is a tricky situation once it infiltrates your network and propagates across network resources: servers, laptops, phones, tablets, printers, and so on.
The major concern, once you neutralize the ransomware and its effects, is moving forward. I believe this is the case with the Colonial Pipeline situation and with every other breach where you are lucky enough to be thinking about moving forward at all. Some businesses are not so lucky, for any number of reasons.
The major questions are: how do we know the ransomware is all gone? And how can we resume services and get back to operating at 100%? The answer is that it takes time. I must be honest: after a breach of any kind, especially ransomware, it takes time to trust your infrastructure again. It takes time to trust yourself, and to trust that you eliminated all of the ransomware and its malicious code. You also have to trust that you put the right security settings, hardware and software in place. Ultimately, you have to trust that your security posture is better equipped than it was before the incident occurred. It is a tug of war with your heart and soul. You will not be the same, but you will be better for it.
I want whoever is reading this to know that it will get better. You will survive, and if you learn from your mistakes, you will thrive and be better for it.
For future reference, focus on your backups and, most importantly, on security awareness training. It is not yet known what or where the initial breach at Colonial Pipeline happened, but I can tell you that there is a high probability it started at the human level. According to most cyber incident response publications, some of which I have listed below, 90% of all major breaches are attributed to human error. From my own personal experience, I can tell you that every remediation event I have been a part of started with a human mistake. Now, this is not to say that IT and cyber did not play a role. Quite the contrary: some issues occurred because firewalls or spam filters let the threat flow in. So it is not always the human who lets the threat into the network, but unfortunately they become the last line of defense once it reaches their inbox. This is where awareness training can help tremendously.
Now, it's easy for me to sit here and say that we need to train staff not to fall for phishing scams or fake websites. It's another thing to get buy-in and make cyber security part of a person's already busy work life. It is not easy. Not because people are unwilling to help, but because work is fast and life is fast. You can have the most rigorous and engaging awareness training and all it takes is one click. That brings me to my other focus item: backups. Back up locally, remotely offsite, to the cloud, and keep an offsite cold storage backup that stays disconnected, so that ransomware which reaches your network cannot reach it too. Scan all your backups for malicious code and, for goodness' sake, please test-restore your backups, especially the cold storage; a backup you have never restored is a backup you only hope works. I realize it is time intensive and tedious, but it could be the difference between a business, or a pipeline, being back up and running effectively and efficiently, and being down for an extended amount of time. The last thing you ever want to do is negotiate with cybercriminals. Paying a ransom should never be part of your disaster recovery plan. If you pay, you become a soft target.
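To make "test restore your backups" concrete, here is a small script added to this post as an illustration; it is example code written for this page, not SherTech's tooling and not anything from the Colonial Pipeline response. It records a per-file SHA-256 manifest and an archive checksum at backup time, then proves the backup is usable by actually restoring it into a scratch directory and re-checking every file, and it shows what happens when the archive on the backup share has been overwritten after the fact. It assumes GNU coreutils (sha256sum) and tar; the directory names and the sample data are constructed for the demo.

```shell
#!/bin/sh
# Added example (not SherTech's tooling): back up, then prove the backup
# restores cleanly by restoring it for real and re-hashing every file.
# Assumes GNU coreutils sha256sum and tar. Sample data below is constructed.
set -eu

# make_backup SRC_DIR OUT_DIR
#   Writes OUT_DIR/backup.tar.gz, a checksum of that archive, and a manifest
#   of per-file SHA-256 hashes taken from the live data at backup time.
make_backup() {
  local src="$1" out="$2"
  mkdir -p "$out"
  ( cd "$src" && find . -type f -exec sha256sum {} + | sort -k2 ) > "$out/manifest.sha256"
  tar -czf "$out/backup.tar.gz" -C "$src" .
  ( cd "$out" && sha256sum backup.tar.gz ) > "$out/backup.tar.gz.sha256"
}

# test_restore OUT_DIR
#   Prints RESTORE_OK and returns 0 only if the archive is byte-for-byte what
#   we wrote AND a real restore reproduces every file in the manifest.
test_restore() {
  local out scratch
  out="$(cd "$1" && pwd)"
  scratch="$(mktemp -d)"
  # 1. Archive integrity: catches a backup volume that ransomware reached
  #    (archive encrypted or overwritten) as well as silent media corruption.
  if ! ( cd "$out" && sha256sum -c --quiet backup.tar.gz.sha256 ) >/dev/null 2>&1; then
    rm -rf "$scratch"
    echo "RESTORE_FAILED: archive checksum mismatch"
    return 1
  fi
  # 2. Actually restore. A matching checksum alone does not prove tar can unpack it.
  tar -xzf "$out/backup.tar.gz" -C "$scratch"
  # 3. Every restored file must hash exactly as it did when it was backed up.
  if ( cd "$scratch" && sha256sum -c --quiet "$out/manifest.sha256" ) >/dev/null 2>&1; then
    rm -rf "$scratch"
    echo "RESTORE_OK"
    return 0
  fi
  rm -rf "$scratch"
  echo "RESTORE_FAILED: restored content differs from manifest"
  return 1
}

# demo
#   Backs up a constructed data set and test-restores it (expect RESTORE_OK),
#   then simulates a backup archive that was overwritten after the fact and
#   test-restores again (expect a checksum failure). Prints "<first>|<second>".
demo() {
  local work src out first second
  work="$(mktemp -d)"; src="$work/data"; out="$work/backups"
  mkdir -p "$src/db"
  printf 'id,name\n1,alice\n2,bob\n' > "$src/db/customers.csv"   # constructed sample
  printf 'runbook v1\n' > "$src/runbook.txt"                      # constructed sample
  make_backup "$src" "$out"
  first="$(test_restore "$out")"
  # Simulate ransomware reaching the backup share: the archive is replaced.
  printf 'not a tarball any more' > "$out/backup.tar.gz"
  second="$(test_restore "$out" || true)"
  rm -rf "$work"
  printf '%s|%s\n' "$first" "$second"
}

demo
```

The point of the third step is the one most shops skip: a checksum on the archive tells you the bytes did not change, but only an actual restore followed by a manifest comparison tells you the backup contains what you think it does and that your restore procedure works. Run the same check against the cold storage copy on a schedule, from a machine that is not on the production network.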
SherTech is here to help. We are not alarmists. We see and hear from vendors and from many in the media every day, and we leave it to them to scare you with tactics designed to win your business. What we are here to do is guide your organization and create a proper security model that aligns with your business and security requirements. We block out the noise and work to secure your organization. SherTech is looking to build a lasting relationship and to help your business in good times and bad.