You may have read my previous blog post: Let’s Talk About The Colonial Pipeline Hack. It discusses how the Colonial Pipeline was compromised, had their data held for ransom, and how they handled this attack.
In this update, I go a bit more in-depth on some of the events and how they unfolded. Additionally, I give a breakdown of the top 5 things you can do to protect your business.
It seems like you can't open your browser or turn on the news without hearing about how another company fell victim to yet another ransomware attack, the big boogeyman haunting your IT nightmares. But unlike the boogeyman your parents used to scare you with, this one's real. If you don't take proper precautions, this boogeyman will have you waking up in a cold sweat with your company's valuable data scrambled, and a crypto currency ransom demand from some shady sounding characters.
Bottom line: you'd like to avoid this at all costs.
Unfortunately, businesses fall victim to this sort of thing all the time. You've probably heard about the most recent one to hit the news - The Colonial Pipeline Hack.
So while you may not supply the majority of the Eastern Seaboard with gasoline - heck you might not even have a 24/7 operation - you still need to employ best practices to mitigate such an incident.
I'll break down some key takeaways from this event and then discuss my top 5 recommendations to protect yourself and your business.
When you hear about a 9-figure business getting caught with their pants down by some enterprising cyber-criminals working out of Eastern Europe, just know some standard security measures could've protect them.
Their attack crippled a pipeline supplying half the East Coast with gasoline, and reportedly encrypted about 100 gigabytes of data. The hacker group, DarkSide, reportedly with Russian roots, managed to compromise Colonial's infrastructure. They demanded a reported ransom of $4.4 million in bitcoin that was ultimately paid. The pipeline was shut down for days and disrupted gasoline supplies to Eastern United States for days. A little silver lining to this is that the Feds were somehow able to recoup around $2.3 million of that. I'll post an update if any details emerge as to just how they managed to pull that off.
So what's this mean to you? Well, hackers are out for one thing - financial gain. They're always on the lookout for poorly secured systems, and when they find them, they pounce. That puts every business at risk. While you might not be a massive oil distributor, you don't have their resources either. It's only a matter of when they'll jump on a poorly secured system.
With some relatively standard practices and technologies implemented, you can cover yourself:
1. Employee Education
Your best defense in the event of a cyber attack is an educated workforce. There are a number of free resources online that provide general cybersecurity awareness training. These trainings include important security aspects like strong passwords, two-factor authentication, staying off unknown wifi networks and public computers, and not installing unknown applications on your devices. Additionally, advanced anti-spam systems include simulated attacks that train your staff how to recognize email threats and how to avoid them.
2. Use An Advanced Firewall
A filtering firewall is your first line of defense. If you're just running whatever your internet provider gave you, or a consumer combo router/firewall/wifi device from a big box store, well that's almost an open invitation to hackers. Sure, a next-gen firewall is definitely more complex to setup and maintain. Additionally, it's a subscription-based service to get those advanced filtering features. Although, it's a small price to pay for the additional security they provide.
3. Control Access To Critical Systems
Have you ever heard of the principle of least privilege? Basically, only give people access to that which they require. After all, if a user gets compromised but they don't have access to everything, you're in a much better position than if they did. This is especially important for those with administrative access. Configuring Two-Factor Authentication on those accounts is no longer optional.
4. Monitor And Keep Your Systems Up To Date
Not everyone runs 24/7, but a savvy IT team will implement tools to alert you of any suspicious activity. While those advanced firewalls we setup will block the majority of attacks at the network perimeter, there are plenty of other ways your user devices can be exploited. Especially now with a majority of people working from home, updating their devices against critical vulnerabilities should be a top priority.
For organizations with a need for advanced security, think medical offices and financial firms, we recommend adding a next generation anti-virus. These tools are monitored by a 24/7 operations center that will not only alert to a threat as it occurs, but stop them in their tracks, take the affected systems offline, and begin the remediation process long before it causes any damage.
Let's just say our pals at Colonial really could've used a next-gen AV.
Backup, backup and then backup again. Here's a little secret the hackers don't want you to know: If you have a backup, you don't have pay them! Not at all. Nuts right?
Companies that suffer catastrophic data loss don't tend to stick around long. If you don't have at least two copies of your data, you aren't even taking the minimal precautions to keep your business going.
Ideally you have at least one local backup and one offsite. Testing them is a great idea too, and is a standard part of what a good IT service provider offers.
Now if you've got mission critical systems that need to be up 24/7 (like running an oil pipeline), there are systems out there that will provide constant, real-time backup. If something happens to the main computer, this one can be quickly configured to take its place. Or certainly faster than trying to restore entirely from backup.
Again, things a certain company wishes they had set up a month ago.
So these are the key things you need to know about a ransomware attack and how to defend against it.
While some of this may seem a bit daunting to get started with, this really is a case where prevention is your best option. Just remember a good cybersecurity policy has multiple layers, and your IT team should help guide you in how to best implement them.
If you need help getting started, please feel free to book a time via my Calendly link below.
STG IT Consulting Group proudly serves Greater Los Angeles and surrounding areas for all of your IT needs.
We look forward to meeting with you!