Colonial Pipeline Attack: 3 Key Takeaways

In May, the Colonial Pipeline attack opened the eyes of business leaders and government officials across the United States to the significant and immediate risk ransomware posed to organizations around the world.

For nearly a week, a ransomware attack on the pipeline, which provides around 45 percent of the gas and fuel to the East Coast of the United States, halted operations as the company worked to recover its data and ensure safety. Ultimately, Colonial Pipeline paid $4.4 million of ransom to attackers to speed up recovery.

While the pipeline is currently back up and running, there are many lessons that businesses in every industry can learn from the incident to ensure they’re protecting themselves from a similar fate. Here are three takeaways:

Ransomware attacks on the riseRansomware attacks were up 150 percent year over year in 2020, and 2021 seems to only have increased the rates of attacks further. Since the Colonial Pipeline attack in May, we have also seen significant ransomware attacks hit global meatpacking company JBS, the Irish health system, and more. The White House urged companies to protect their networks against attack.

The reality is that organizations of every size and industry are being hit by ransomware, disrupting operations and, in some cases putting the company out of business altogether. Companies and the managed service providers (MSPs) that support them need to educate themselves in this threat and take the necessary steps to mitigate this risk.

Importance of basic cybersecurity hygiene — While the impact of the Colonial Pipeline attack was significant, its cause was just a single compromised password. This underscores the importance of basic cybersecurity hygiene in mitigating the risks of an attack. According to an advisory put out by the Cybersecurity & Infrastructure Security Agency (CISA) following the attack, organizations should ensure cybersecurity basics, such as multi-factor authentication, updating software, filtering network traffic, and implementing user training programs.

MSPs can play a critical role in helping businesses evaluate their current protections and ensure cybersecurity hygiene is maintained regularly.

Need for critical infrastructure security — As more organizations look to leverage the benefits of connected critical infrastructure systems, they also need to mitigate the new risks that may pose. Part of the reason the Colonial Pipeline took so long to recover was to ensure the safety of the company’s critical infrastructure systems, which stretch across more than 5,500 miles of pipeline. Organizations or their MSP partners need to make sure they are using the appropriate technologies to segment these IT-OT assets.

For an MSP, these takeaways represent areas that they can leverage to educate their customers and implement solutions to mitigate those risks. While the Colonial Pipeline attack was a devastating event, it can also hopefully serve as a learning experience for organizations and MSPs everywhere to improve their cybersecurity posture against today’s threat landscape.

The State of Cybersecurity: What SMBs Should Know
Struggling to Hire an IT Department? Here's How an MSP Can Help