Colonial Pipeline was looking for a cybersecurity manager in the months before the attack. It didn’t find one.
It’s one of the most disruptive cybersecurity events to ever happen in the U.S.
On Friday, Georgia-based Colonial Pipeline announced that the company has been victimized by a ransomware attack that’s led to the halting of all pipeline operations. Colonial Pipeline carries nearly half of the gasoline, diesel, and jet fuel used on the East Coast, making it a critical part of the U.S. economy and infrastructure.
By Wednesday, it was discovered that the company had been making some effort on LinkedIn to hire someone with a computer science or IT security background to manage a team in order to “develop, validate and maintain an incident response plan and processes to address potential threats.”
It appears Colonial Pipeline did not fill the position in time.
Businesses of all sizes are being attacked by ransomware
The incident underscores the importance of businesses of all sizes taking cybersecurity more seriously amid the rapidly-expanding threat of ransomware. The attack comes just several months after the Solarwinds hack that caused data breaches across thousands of global organizations, including the United States government.
Contrary to popular belief, it’s small and medium businesses across all industries that are typically the most attractive target for cybercriminals, due to their tendency to have lax defenses in place and their lack of resources to fight back against these attacks. Criminal organizations, using automated attacks in a “wide-net” technique, are able to target hundreds of small businesses at the same time. In fact, in the year prior to the Covid pandemic, ransomware was the number one cause of loss for small and medium-sized organizations.
But with the increasing inclusion of large enterprises like Colonial Pipeline and Solarwinds as successful targets, the federal government is aiming to make cybersecurity protection for American businesses and organizations a top priority. In response to the Colonial Pipeline attack, the Biden administration issued executive orders on Wednesday calling for the federal government and private sector to partner together to confront “persistent and increasingly sophisticated malicious cyber campaigns” threatening U.S. security and the economy.
White House issues executive order on cybersecurity
IT service providers will be required to notify the government about cybersecurity breaches that could impact U.S. networks. The executive order removes certain contractual barriers that might stop providers from flagging breaches. It also establishes a Cybersecurity Safety Review Board made up of both public- and private-sector experts, which will convene following cyberattacks to provide analysis and make recommendations.
The order also includes several steps meant to modernize the nation’s cybersecurity in the wake of ongoing cyber security catastrophes. As a side note, the right IT security provider will have implemented similar policies for your business:
- The order creates a standardized “playbook” and a set of definitions for how the government will respond to cyber incidents.
- Compels the federal government to begin upgrading to secure cloud services and other secure cyber infrastructure
- Mandates the deployment of multi-factor authentication and encryption with a specific time period.
- Improves the security of software used by the government, including by making developers share certain security data publicly.
- Improves the sharing of information by enacting a government-wide endpoint detection and response system.
It’s still unclear at this point how the hackers – believed to be Russian speakers from a notorious ransomware gang called DarkSide – was able to execute the breach of the company’s network and evade detection. IT security experts have speculated that the most likely scenario involves a supply chain attack, originating from a smaller vendor who didn’t have all the lockdowns and security in place.
Ready to talk about your own IT security defenses? Level5 provides the most robust and iron-clad cybersecurity protection on the market, bringing enterprise-level security solutions and managed IT services to SMBs across South Florida and the United States. From the legal industry to the healthcare sector and all professional service businesses along the way, Level5 protects your business from making the news for the wrong reasons. For a no-obligation network assessment and consultation, call our Boca Raton cybersecurity experts at (561) 509-2077 or Livechat us on our website at level5mgmt.com