From IT Systems to the Human Firewall: Lessons from the Colonial Pipeline Attack

This guest blog was contributed by Sai Venkataraman, CEO, SecurityAdvisor.


Last month’s attack on Colonial Pipeline was certainly not the first ransomware attack ever launched on an organization, though it will no doubt go down in history as one of the most impactful. When one of the largest pipeline operators in the United States was forced to shut down its systems in an effort to contain the threat, all pipeline operations halted. Days after the attack, the operator’s main lines continued to be offline, prompting the federal government to issue an emergency declaration which caused gas price hikes and supply shortage concerns in vast swathes of the East Coast.


Beyond the havoc wreaked on its operations, Colonial also paid $4.4 million as a ransom to unlock its systems – proving that the real-world consequences of a successful ransomware attack can be devastating.


Unfortunately, these attacks are not limited to America’s critical infrastructure. They are also cheap, easy to execute, and lucrative, meaning cybercriminals will continue to launch them against targets ranging from data-rich retailers, banks, and insurers to essential service providers like hospitals, transportation operators, and food companies. In fact, the United States experienced 65,000 ransomware attacks last year, which equates to over seven per hour.


While ransomware attacks will never disappear, there are plenty of measures organizations can take to secure their IT systems and fortify their workforce, ultimately helping to prevent closures of operations and costly ransom payouts. These include:


  • Ensure all remote desktop connections are secure. Over the course of the pandemic, many workers used personal modems and routers to work from home. While remote access makes it easy for employees to connect in remote and hybrid work environments, these systems are also inherently vulnerable. Desktops that are inadequately secured make easy targets for cybercriminals looking to intercept communication – and are gateways for ransomware.

  • Create unique, complex, and rotating passwords. Passwords are the front line of defense in protecting sensitive data. With the right credentials, cybercriminals gain the administrative access needed to anonymously move around an organization’s network. By creating strong, lengthy, and complex passwords for each online account and application – and updating passwords regularly – organizations can lessen the chance that cybercriminals will gain access to sensitive information.

  • Deploy the latest security patch for internet assets. One of the primary security measures to prevent cyberattacks is to apply updates to all operating systems, applications, and embedded systems an organization uses. These patches are often necessary to correct vulnerabilities in the software. While multiple operating systems and ever-expanding networks can make it difficult to patch software at the earliest moment possible, creating a database of all IT assets in inventory and subscribing to security emails from vendors can help organizations stay up-to-date on security updates and fixes for any actively exploited vulnerability.

  • Empower workers to identify and take action against attacks. While cybercriminals can employ any number of tactics to infiltrate a company’s network, most ransomware attacks target employees, making it vital for organizations to empower employees to recognize and respond to these threats. By monitoring employees’ risky online behaviors, organizations can facilitate teachable moments for each individual to help them recognize ransomware threats in the moment of risk. These teachable moments also positively influence employee behavior by sharing tips that instill good habits that will keep their accounts safe, encourage them to change passwords, and ultimately ensure they minimize their attack surface. With cybercriminals now leveraging the notoriety of the Colonial Pipeline attack to launch further attacks that attempt to persuade users to click on malicious links disguised as ransomware system updates, organizations can teach their employees to distinguish legitimate emails from malicious ones and to proactively take action against bad actors.

As the Colonial Pipeline attack has shown, the threat ransomware poses is very real, very serious, and very costly. But organizations are not defenseless. Taking proactive measures to ensure computer systems and networks are secure, while also investing in the human element of their security posture, will go a long way in preventing network-crippling attacks and ensuring that operations always run smoothly.

