The Colonial Pipeline ransomware attack a year on: 5 lessons for security teams

Today marks the one-year anniversary of the Colonial Pipeline ransomware attack, one of the biggest cyber attacks in recent history, where a threat actor named DarkSide used a single compromised password to gain access to the internal systems of the US's largest pipeline operator.

During the attack, while the hackers began encrypting the organization's data, Colonial Pipeline responded by taking its systems offline to stop the spread of the threat, but quickly ceased pipeline operations and ended up paying a ransom of $4.4 million.

While the Colonial Pipeline attack may have passed, ransomware remains an existential threat to modern enterprises, and with ransomware attacks on the rise, enterprises need to be prepared.

The good news is that there are a growing number of security controls that organizations can implement to protect themselves from these pervasive threats.

Deploy zero-trust architectures 

Login credentials are one of the key targets of cyber criminals. As a result, it's becoming more important for security teams to implement support for zero-trust authentication, to make it harder for unauthorized users to log in with compromised credentials.

“The Colonial Pipeline ransomware attack was yet another high-profile example of compromised credentials being leveraged to exploit a previously believed to be secure infrastructure. As a result, security protocols must evolve to keep pace with dynamic threats across distributed computing environments,” said CTO and Co-Founder of Identity Access Management provider PlainID, Gal Helemski.

Helemski suggests that organizations can prevent themselves from falling victim to similar attacks by implementing a zero-trust architecture that extends access controls past traditional network access security throughout the entire lifecycle of the digital journey.

Implement strong incident detection and response capabilities

One of the biggest factors that determines the overall impact of a ransomware breach is the time it takes for the organization to respond. The slower the response time, the more opportunity a cyber criminal has to locate and encrypt critical data assets.

“Colonial was an important inflection point for public and private sector infrastructure security, but organizations need to remain vigilant to stay a step ahead of cyber-attackers,” said Director of Cybersecurity Evangelism at ransomware detection and recovery platform Egnyte, Neil Jones.

In practice, that means creating a comprehensive incident response plan, deploying solutions with ransomware detection and recovery capabilities, and offering employees cybersecurity awareness training on how to implement effective data protection policies like strong passwords and multi-factor authentication.

Don’t rely on backup and recovery solutions to protect data

Many organizations seek to defend themselves against ransomware threats by relying on data backup and recovery solutions. While this sounds like an effective defense on paper, ransomware attackers have started to threaten to leak the data they’ve encrypted if the victim organization doesn’t pay the ransom.

Rather than relying on encryption-at-rest, which attackers can use compromised credentials to sidestep, Arti Raman, CEO and Founder of encryption-in-use provider Titaniam, recommends that organizations switch to data-in-use protection.

“With encryption-in-use data protection, should adversaries break through perimeter security infrastructure and access measures, structured as well as unstructured data can [and] will [be] undecipherable and unusable to bad actors – making digital blackmail significantly more difficult, if not impossible,” Raman said.

Create an inventory of your attack surface

With so many advanced threat actors targeting modern organizations with ransomware threats, technical decision makers and security teams need to have a complete inventory of what systems are exposed to external threat actors and what data they hold.

“As the U.S. government moves to bolster national cybersecurity, organizations must take a proactive approach to secure their own assets, and here is where the advantage lies: responsiveness,” said CEO and co-founder of managed security services organization Cyber Security Works, Aaron Sandeen.

“By conducting a complete system inventory either independently or outsourced to a vulnerability management company, organizations expand their cybersecurity visibility of known and unknown exploits,” Sandeen said.

While the group behind the Colonial Pipeline attack is defunct, Sandeen warns that enterprises will continue to see a growing number of exploits, vulnerabilities and APT threat actors willing to exploit them, “which will need security leaders providing predictive and creative help in categorizing and eliminating ransomware threats.”

Deploy identity management solutions to identify anomalous user activity

In the era of remote working and employees using personal devices to access enterprise resources, the risk of data theft is greater than ever before. “A lot of the breaches we hear about in the news are a result of companies relying on automated access control and realizing too late when a user has been hijacked.

“Once an account is compromised, identity-based fraud can be extremely difficult to detect considering the advanced techniques and randomness of different crime groups like LAPSUS$ and Conti,” said CISO of trust platform Forter, Gunnar Peterson.

For this reason, organizations need to have the ability to identify anomalous user activity so they can detect account takeover, which Peterson says can be obtained through using an AI-driven identity management solution with anomaly detection.
