June 2nd, 2021 by Brian Wakefield
For the past several years, BTS has advocated the importance of cyber security. We've done our best to let businesses know that cyber security is something that can't be ignored or underbudgeted. However, more and more businesses fall victim to malware, ransomware, and phishing attacks every day as companies continue to neglect their security. This negligence only leads to irreparable harm to one's company, with the most recent example being Colonial Pipeline's data breach.
The Colonial Pipeline Data Breach
Colonial Pipeline has become a prime example of what mismanaging your cyber security can do to your business. On May 7th, 2021, they suffered a data breach caused by ransomware. While this breach only hit their billing system, they decided to halt all of their pipeline's operations in an attempt to contain the attack. Shortly after that, on May 9th, the Federal Motor Carrier Safety Administration issued a regional emergency declaration for 17 states and Washington, D.C., to keep fuel supply lines open. It took Colonial Pipeline almost a week to get their operations back up and running, but it was too late by then. The damage had already been done.
How Did it Happen?
So what went wrong? How did this industry giant suffer such a devastating breach? As we stated earlier, it's almost entirely due to negligence on the company's part. Colonial Pipeline either had no cyber plan set up to protect themselves, or the plan they did have failed. Here are two things that clearly indicated that to be the case:
1. Lack of Data Backups
Under normal circumstances, companies with cyber security in place constantly create data backups of all their essential operations. However, this doesn't seem to have been the case with Colonial Pipeline. Once the ransomware hit and locked up their data, they chose to pay their assailants $5 million to get it back instead of loading up a data backup. That lack of a backup is what caused their services to be down for so long. It took a significant amount of time to decrypt the returned data and restore it to a usable state.
2. No One in Charge of Cyber Security
Two months before the data breach occurred, the company had a job opening for a Cyber-Security Manager position. For two whole months, one of the largest pipeline companies in America sat around with no one in charge of their cyber security. Not to mention that security is an impossible role for a single person to manage or oversee, especially for a company of this size and scale. Cyber security has to be managed by experts who specialize in the different parts working together as a team. Doing anything less is pure negligence for the sake of cost savings.
While many will point to the $5 million ransom being paid (in the form of 75 bitcoin), the actual damage caused by the breach is much higher than just that. For nearly an entire week, all operations for Colonial Pipeline ceased to function, leading to downtime and lost profit on a scale that hasn't yet been put to numbers. That's not including the damage done to their brand, contracts lost, customers who will no longer work with them, as well as any potential legal costs they may face from lawsuits or legal trouble this may cause them in the future. Only time will tell how far-reaching and costly the damage caused by this single breach will be.
What You Can Learn From Their Mistakes
If there is any lesson to be learned from Colonial Pipeline's data breach, it's the fact that ignoring cyber security will only hurt your business. With a cyber plan implemented that created data backups, this would not have been a problem. Instead, their cyber security was left neglected. Now they're paying a much higher price than what any cyber security solution would ever cost. Don't make the same mistakes they did; get a proper cyber plan in place before your business is the next example we have to use to teach this lesson.