If it seems that cybersecurity attacks are on the rise, you are not mistaken. When this year is in the books, every industry report will show how the frequency of attacks escalated exponentially again while the cost of attacks became higher than ever before.
We are only half-way through 2021, and with the Colonial Pipeline attack, we already witnessed one of the costliest cyber-attacks ever. The cycle for major cyber incidents has now become a matter of days – not weeks – as we witness continued major ransomware attacks, data loss, major breaches, as well as intelligence and industry warnings. If there was ever a time to get serious about cybersecurity, that time is now.
The Enemy is Inside the Gates
On May 7, 2021, Colonial Pipeline, an American oil pipeline that carries gasoline and jet fuel to the Southeastern United States, suffered a ransomware cyberattack that impacted the essential equipment managing the pipeline. The impact was so severe that it led to emergency declarations from the President of the United States, as well as the Governor of Georgia.
While the Colonial Pipeline hack has been well documented in terms of its multi-billion dollar impact to the economy of the U.S., consider the recent major Microsoft Exchange platform vulnerability that has been cycling in the news as well. The industry struggled with remediation on this issue because tens of thousands of customers use this software suite, and the platform was specifically targeted due to its wide base of usage.
The incident is known to the industry as “HAFNIUM,” a name that comes from a state-sponsored cyber espionage group out of China that has been profiled as the actors behind the vulnerability. Once infected, servers allowed remote code execution and untrusted network activity, even after some of the existing patch updates.
And just a few short months ago, the SolarWinds supply-chain software attack shocked many throughout the industry. Once again, the impact reached thousands of companies. With each passing day, the threat is becoming more real than ever before.
“The pandemic, and its resulting changes to the business world, accelerated digitalization of business processes, endpoint mobility and the expansion of cloud computing in most organizations, revealing legacy thinking and technologies,” according to Peter Firstbrook from Gartner. Old technologies and antiquated processes are definitely to blame. But also far too often, we witness the adoption of principles where ransomware victims “just pay up.”
As much as one-third of businesses in 2021 that reported a ransomware attack decided to pay the ransom. Paying ransom demands encourages more hackers, and the statistics show that not only do hackers come back to attack businesses that paid, but less than 10 percent of the data that is paid for is ever completely recovered. Paying for crime doesn’t pay off, and it is a glaring example of poor preparedness and lack of strategy. Cybersecurity incidents are creating a bigger impact on the economy than many people have realized, as evidenced in the recent ransomware attack on the Colonial Pipeline, which shut down the Eastern seaboard of the U.S.
Good Practices Needed
There are, however, positive steps that can be taken immediately. The first elementary step is to do some widespread cleanup. Get rid of all instances of default passwords, all of those passwords you “think” cannot be changed, and all of those strange devices and components that do not have any passwords in place. Even if it’s on your private network, everything can be a vector and hackers know it.
Enterprises need to support greater cybersecurity urgency now, review security planning and embrace the leading principles of comprehensive cybersecurity. Ultimately, the price to be paid is unwavering diligence and a hyper-focus on better comprehensive security, starting with protecting “the castle,” then recovering from a breach, and then assuring that future attacks cannot be detrimental.
You can protect your assets and organization by following and looking for solutions that focus on:
- Vulnerability identification & scanning.
- Data encryption.
- Firewall services.
- Security patching.
- Malware detection.
- SOC Threat Monitoring.
- Zero Day Threat mitigation.
- Training & education.
You can plan for a recovery from a breach by implementing strategies for:
- Disaster and data recovery.
- Routine back-ups.
- Threat hunting & removal.
- Cyber-liability insurance.
- Virtual desktops deployment plan.
You also need to have assurances that your infrastructure is truly protected by routinely conducting security and compliance assessments, audits and aggregation, as well as threat and response logging and analysis, and comprehensive environmental reviews.
Only when we take the trinity of protection, recovery and assurance seriously will we be able to substantially reduce risks and beat the bad actors. Given the continual cycle of breaches, organizations need to push the pedal on evaluation, assessment, monitoring and contingency planning, and shift their mindset to always assume a breach is underway.
Not only should organizations break the glass and get their security playbook in full swing, but they should also break the kitty bank to fund it.