On May 7, 2021, an American oil pipeline system running from Houston, Texas supplying the South-Eastern USA and New York, became a victim of a cybersecurity breach. Overnight, the Colonial Pipeline hack became global news as criminal hacking group DarkSide held the critical pipeline hostage for US$4.4 million in bitcoin. The ransom was paid, but not before the attack caused massive fuel shortages at airports, panic buying at fuel service stations, and soaring fuel costs.
Sure, your business is probably not responsible for a major pipeline, but that doesn’t mean it isn’t vulnerable to the same kind of attack. Here are several lessons every business can learn from this event.
#1 – Passwords Must be Managed Properly
Investigators determined that it was just one compromised password that opened the pipeline up to attack. One. The password wasn’t even in use at the time, and it’s believed that it was used on another online account, which was then compromised.
Such a small, easily overlooked vulnerability can have a massive impact on your business, and this could have been prevented by a security policy that includes eliminating passwords that are no longer in use from the system, including passwords from past employees, employees who are no longer in that particular role and clearing old tech of stored passwords.
#2 – Passwords Must Not Be Multi-Use
The password that allowed hackers into the Colonial Pipeline’s system is thought to have been used on another online account, which hackers gained access to. It’s not yet known exactly how this happened (the website it was used on may have been compromised, for example), but either way, it’s important to restrict the use of passwords and usernames within your business.
No password or username used for business accounts, email systems, and apps should be used for anything other than those platforms and should not be used on external websites and accounts without your IT specialist’s approval.
#3 – A Breach Response Plan is Essential
No matter how secure your systems are, you can never completely eliminate the risk of a breach. Whether it’s human error or hacker ingenuity, it’s important to be aware that the threat exists – and to have a plan in place to limit damage and restore processes as quickly as possible. This should include a process for detecting threats, securing data, and restoring processes through a business continuity and disaster recovery system.
In the Colonial Pipeline attack, the ransom was paid and a solution delivered by the hackers, but it still took around 2 weeks to get the fuel supply back to normal. Ultimately, it was Colonial Pipeline’s own backup that got the system running again, and investigator have recovered around half of the bitcoin used in the ransom. This is a fairly quick response considering the scale of the attack, but the damage was still done to the reputation of a key national infrastructure point. The employee who received the ransom note activated the response system and the pipeline was shut down for the first time in its 57-year history, and performed an intensive evaluation of the infrastructure to determine if there was physical damage.
At Otto, we’re here to protect your organisation and your people against ransomware, IT scams, and other IT security risks. We’ll help you educate your team, ensure you have the best IT protection for your business, and be ready to act if your data or people are compromised. Talk to us today about IT security and data security for your business.