On the first anniversary of the Colonial Pipeline cyber-attack, organizations should take a step back and assess what course of action they have taken over the years to tackle such challenges in the future.
May 7th, 2022, marks the first anniversary of the ransomware attack on Colonial Pipeline, the largest pipeline in the US. The attack led to fuel shortages on the East Coast. The reason behind the incident was a compromised password. It was the most significant cyber-attack to target an oil infrastructure entity. A spokesperson from Colonial Pipeline later confirmed that the organization had paid USD 4.4 million to the cybercriminal gang.
The attack on the Colonial Pipeline highlighted vulnerabilities present in the supply chain and critical infrastructure across the globe. On the first anniversary of the security incident, IT leaders should consider where the industry is today. They should assess what course of action to take to mitigate such cyber-threats in the coming years. This question is pertinent, considering that infrastructure hacks are rising steadily. Additionally, they should treat the first anniversary as a prompt to ask what this year can highlight to executives.
As per industry experts, the cyber-attack has helped raise awareness of the massive vulnerabilities present within critical infrastructure. It highlighted how a minor attack can disrupt powerful nations and how they have begun to take strict precautions. For example, within days of the cyber-attack, US President Joe Biden signed an executive order to strengthen the country’s cybersecurity infrastructure. Additionally, the Department of Homeland Security released much-needed cybersecurity regulations for all pipeline organizations. But many organizations have still not taken measures to strengthen their cybersecurity.
Many of them still do not measure up from a practical perspective, as most organizations still rely on credentials such as passwords to keep their critical infrastructure secure. For instance, ongoing global events make a strong case for the vulnerabilities present within the infrastructure. With Russian cyber-threats on the horizon and ransomware such as BlackCat popping up one day or the other, it is becoming increasingly clear that organizations have a false sense of security.
They need to understand that passwords are not enough, and that people often forget them and which ones they have used. Instead, they should look for alternatives such as secure digital certificates that provide more security than usernames and passwords. Additionally, organizations should think carefully before working with any third-party provider, since third-party negligence contributes to the threat to critical infrastructure.
“It’s hard to believe it’s only been one year since the Colonial Pipeline attack across the eastern US. At the time, we called the attack a warning of ‘open season on infrastructure providers,’” says Sean Derby, Director of Services, Semperis. He further added, “That prediction, unfortunately, has proved all too true. Based on recent reports from the FBI Internet Crime Complaint Center, 649 infrastructure entities were hit by ransomware last year—a trend that shows no signs of slowing. Since most ransomware attacks target Active Directory as the fastest way to gain access to and encrypt company data, we advise government agencies, transportation, and energy and utility organizations that provide critical infrastructure services to take immediate steps to protect Active Directory. A good place to start is a vulnerability assessment that searches for exposure indicators and compromises specific to AD and Azure AD.”