May 25th, 2021 by William Wentowski
The events happening with Colonial Pipeline are nothing new. Businesses are hacked every day, however, few have as much impact on the individual citizen as an attack on vital infrastructure. Over the past year, ransomware attacks have increased 300%.
It can happen to business.
Security is a journey. The nature of threats changes every day and securing networks against everything is literally impossible unless you can disconnect it from the rest of the world and 100% prevent physical access to it. The goal of effective cyber security is to mitigate the risk and reduce attacks surfaces. Like firearms, cyber security safety follows the swiss cheese method of protection. Everything has holes, but if steps are taken none of the holes line up and there are no problems.
The one issue with the swiss cheese model, which is where constant monitoring comes in, is that most attacks are not a one and done event. When the attacker hits a layer of security they cannot shoot through, they move laterally to find another hole. What the above model misses is that being hacked is, frequently, not a straight-line event.
Where this wraps back around to Colonial Pipeline, is that last slice of cheese or remediation procedures. What plans do you have in place when a cyber event occurs? Do you know you time to recovery? Organizations put in place a recovery plan with no concept of the true cost of their downtime. Many ransoms are paid because the cost to restore functionality is higher than the ransom! The math and decision are simple. If you lose $20,000 a day and it takes 10 days to restore functionality, but the ransom is “only” $60,000 you will pay.
However, this creates massive brand damage with measurable financial loss. Colonial Pipeline, within days of the attack, lost contracts to the likes of Kinder Morgan and other pipeline competition. In such lynchpin industries, if you are down, so is everyone else. Unlike the bulk of businesses, they have somewhat of a natural monopoly to help protect them. New pipelines don’t just appear up the East Coast; but that doesn’t help the gas station, the convenience store, and every up the chain supplier from there.
If security is even the tiniest blip on your radar, give BTS a call. We work to continuously educate ourselves on threats of all sizes and ways to prevent or mitigate those attacks. Pick up the phone and start your security journey. 205-290-8400
Posted in: Cyber Security