The Colonial Pipeline Catastrophe: 5 Ways Proactive IT Could Have Stopped It
Think proactive IT has zero to little implications for your everyday life? Consider this: Sixteen thousand. That’s the number of gas stations that ran dry in the summer of 2021.
Just as the summer vacation season was getting underway, a ransomware attack on Colonial Pipeline threatened to ruin it all.
People began panic-buying gasoline. Cars lined up at gas stations. Gas prices spiked. Almost immediately, Colonial Pipeline gave in to the ransom demands and paid $4.4 million.
But all of this might have been avoided with a more proactive approach to cybersecurity. As a managed IT provider, we work with businesses all the time to help them avoid expensive technology failures like this one.
We’ve identified 5 things that Colonial Pipeline could have done differently if they’d had a proactive IT management approach to cybersecurity that may have saved them millions of dollars and consumers’ sticker shock at the pump.
The 5 Technology Fails that Caused Big Problems for Colonial Pipeline
1. A Weak Password
It’s believed that the hackers gained access through a compromised password on a VPN that was no longer in use.
Experts suspect that an employee probably used the password for more than one account. Reuse of passwords is a poor cybersecurity practice.
Proactive IT management can help you train your employees to engage in best practices to keep your network safe by teaching them to use strong, unique passwords. Many employees may not even understand the serious risk that this one choice poses to your business. Proactive management should always incorporate a training component so employees understand and engage in best practices.
2. Poor Account Management
The hacked account was believed to belong to an employee who was no longer active and was accessed through the Virtual Private Network (VPN.) The problem here wasn’t the VPN, which is a great security tool. The issue is that Colonial Pipeline’s VPN was exploited through an old account that should not have been active.
Just as you grant new employees secure access to your network as they join your organization, proactive IT management includes identifying and removing employee accounts that are no longer in use as they offboard. It is critical to delete any cloud accounts accessed by former employees and have them remove company apps from their personal phones and tablets.
3. No Multi-Factor Authentication
The hacked Colonial Pipeline account did not have multi-factor authentication (MFA) enabled, which is an additional step beyond a simple password. In addition to a password, other identity verifications are required that might include a code, a security question, etc.
As part of a proactive approach to cybersecurity, a managed IT company will train you and your employees in best security practices. We highly recommend that your network be protected by setting up MFA. This proactive step is easy to set up and provides a significantly more robust defense than a password alone.
4. No Ransomware Attack Plan
Due to the significant economic impact of this ransomware attack, Congress held hearings to uncover why this happened. Colonial Pipeline CEO Joseph Blount made the stunning admission that their company did not have a plan for a ransomware attack! According to Blount’s congressional testimony, they had spent more than $200 million on IT over the past five years. Yet they had no plan!
Senator Sen. Maggie Hassan, D-N.H., issued this statement after the hearing: “It is a stunning admission that Colonial Pipeline did not have a plan in place if hackers requested a ransom payment. I’ve talked with small school districts in my state of New Hampshire that are better prepared for cyberattacks than Colonial Pipeline was.”
It leaves one to wonder whether they would have paid a $4.4 million ransom within a day of the attack if they’d had a proactive plan in place.
It’s important to train your employees on how to respond to an attack to minimize damage. A plan will delineate how a backup will be restored to get your business up and running — hopefully WITHOUT paying a ransom.
5. Possibly Unreliable Backups
Now, this is where the story gets interesting. The company paid a ransom of $4.4 million almost immediately even though the company claimed to have backups. One would wonder why they would pay such a large ransom so quickly if they had reliable backups.
It’s possible that the lack of a proactive cybersecurity plan played into the quick decision, but some IT experts suspect that their backups might have been too far behind to be helpful. In this particular case, even after paying the ransom, they were having difficulty recovering their data with the key provided by the hacker, so in the end, they did use some of their backups to restore operations.
Does Your Business Need More Proactive IT?
The Colonial Pipeline attack affected millions of people’s lives and thousands of businesses. It serves as a wake-up call to any business or organization that has been putting cybersecurity on the back burner.
With ransomware attacks on the rise, proactive IT management can help you plan ahead for the possibility of a ransomware attack. Whether you are a large corporation like Colonial Pipeline or a small company, you are not immune, and you must be prepared.
At SandStorm IT, we’ve made it our mission to ensure that businesses can survive whatever cyberattacks come their way. If you’d like to learn more about our managed IT services and how they can help keep your business running and secure let’s schedule a time to talk.