What Can Small Businesses Learn from the Colonial Pipeline Debacle?
Ransomware and cybersecurity are front and center in the news thanks to the recent Colonial Pipeline attack, and the attack on the world’s largest meat producer, JBS (Pilgrim’s Pride, Swift, etc.)
The attacks caught everyone off guard, except maybe for IT security experts who have seen a steady rise in ransomware attack volume and cost.
For example, ransomware attacks increased 485% in 2020, and the average cost of ransomware remediation has more than doubled in the last 12 months, increasing from $761,106 to $1.85 million.
The attack on Colonial Pipeline impacted the supply of 45% of the East Coast’s petroleum-based products like gasoline and diesel fuel. This caused a run on gasoline, with stations across the East Coast running out of fuel.
This impact was also felt nationwide as the price of gas rose higher than any point since 2014, to over $3.00 per gallon.
What Happened in the Colonial Pipeline Attack?
On May 7, 2021, Colonial Pipeline realized that its systems had been hit with a ransomware attack and it shut down operations.
Ransomware is a particularly devastating form of malware that encrypts files, basically shutting down the ability to access data on servers, computers, and other systems.
The attacker then demands a ransom, usually to be paid in Bitcoin. Upon payment, the attacker promises to hand over the key to decrypt the data.
Colonial Pipeline was down for about 6 days due to the attack, causing nationwide panic, and not only about the gas supply.
An attack on a major supplier of a vital product, like gasoline or food, has far-reaching impacts. Just one cyber attack can mean disruption of towns, cities, and an entire country if it’s on a critical product or infrastructure provider.
How Did Colonial Get Its Systems Back?
Unfortunately, Colonial Pipeline did what a majority of victims do when hit with ransomware unprepared. It paid the ransom.
After paying the ransom of between $4 to $5 million, the company was able to recover its systems and bring the pipeline back online.
Why Shouldn’t You Pay the Ransom?
Fifty-six percent of organizations hit with ransomware end up paying the ransom to the attackers. This is the key reason that ransomware attacks have gotten worse and more expensive.
When victims pay the ransom, it encourages attackers to keep doing what they’re doing because ransomware attacks are good business for them.
In fact, they’ve been such good business that large criminal organizations now traffic in ransomware attacks and provide Ransomware as a Service, selling the ability to conduct these attacks to less experienced hackers.
How to Avoid Becoming a Ransomware Victim or Paying Ransom
Ensure You Have Backup AND Recovery Covered for All Your Data
Why do large companies like Colonial Pipeline and others pay the ransom? Because they’re not properly prepared for an attack or recovery from an attack.
They don’t have a full data backup that they can restore and/or they don’t have a system that provides fast and full recovery. Some organizations that have a backup, haven’t properly prepared for recovery, so they’ll pay the ransom anyway just to get back up and running as fast as possible.
It’s important to use a good backup and recovery solution that allows you to quickly restore your systems once the ransomware has been removed. This keeps you from having to pay the ransom and further emboldening the hackers.
Pay Attention to Good Security Hygiene
Many companies know what they should be doing, but they still end up with poor cybersecurity hygiene. Employees may be using weak passwords, companies might not be properly managing patches and updates, etc.
The Sophos 2021 Threat Report found that most successful cyberattacks were caused by a simple lack of using security best practices.
The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”
Good security hygiene includes things like:
- Antivirus/anti-malware
- Update/patch management
- Next-gen firewall
- Email spam filtering
- DNS filtering
- Use of two-factor authentication & good password security
- Access management for mobile devices & cloud software
- Ongoing user training on phishing & data security
Have a Recovery Plan in Place
Preparation is key when fighting ransomware and other potential disaster scenarios. Companies that aren’t prepared end up spending far more when it comes to recovering from a cyberattack.
The cost of a data breach can be reduced by 48% when a practiced incident recovery plan is in place.
While it’s important to do all that you can to prevent a ransomware infection, it’s also critical to be prepared in case one does happen. This means putting a step-by-step recovery plan in place and practicing that plan regularly so everyone knows what to do should an attack occur. Being prepared can significantly reduce downtime and related costs in the event of an incident.
Get Help Securing Your Business from Ransomware
C Solutions can help your Orlando area business with a strong cybersecurity plan, including a backup and recovery strategy to protect you from ransomware and other online attacks.
Schedule a free consultation today! Call 407-536-8381 or reach us online.