Clarkston Consulting

Lessons Learned from the Colonial Pipeline Cyberattack

The recent cyberattack on Colonial Pipeline, which carries 45% of all gasoline, diesel, and jet fuel from Texas to New York, highlighted concerns about cybersecurity for both the government and business organizations. DarkSide, the hackers behind the ransomware attack, encrypted the company’s user data and threatened to release it online. Though the pipeline has been restored to full operational capacity, it cost nearly $5 million to recover the stolen data.

Data is essential to all businesses, in all sectors. Whether you’re in consumer products, retail, or life sciences, a ransomware attack can have huge impacts on your company’s operations. For example, the Designer Shoe Warehouse’s e-commerce site lost access to store inventories for two weeks as a result of a ransomware attack on their software vendor. This temporary shutdown decreased visible units from 13 million to 1.3 million, which disrupted the chain’s ability to balance inventory between stores and warehouses. And, less than one month after the Colonial Pipeline cyberattack, another ransomware attack halted operations for JBS, the world’s largest meat processing company. Again, this attack clearly highlighted the potential impacts of shortages or price increases on both consumers and business operations. Cyberattacks such as these emphasize the need for businesses in all industries to protect themselves against computer network assaults.

Impacts of the Colonial Pipeline Cyberattack

As highlighted by this event, it is critical for businesses across industries to prioritize cybersecurity measures moving forward. This cyberattack demonstrated how companies that may not have historically prioritized cybersecurity can be left exposed, sitting as prime targets for those seeking to disrupt unsuspecting and unprepared organizations. In this case, ransomware targeted Colonial Pipeline’s IT systems conducting business management processes, which shows how critical it is for all IT systems to have up-to-date protections. One such way to increase protection is to systematically use patch management to cover vulnerabilities and loopholes. It is also important to keep in mind how ransomware attacks can have extended consequences on customers and stakeholders outside of financial extortion, as visibly demonstrated by the gas shortages resulting from the Colonial Pipeline event.

When ransomware engulfs computers and data systems, it can be difficult to determine the scope of an attack, tempting companies to pay the ransom to quickly resolve the issue. In many cases, hacker organizations will threaten to release any stolen data, keep systems frozen, or take other threatening measures, forcing companies to pay. However, it is important to note that the US government can prohibit payment to ransomware organizations from sanctioned countries, which sometimes takes the decision out of a company’s control. Still, it is estimated that around 50% of companies actually end up paying to regain control of their systems, and the amount paid as a result of ransomware reached at least $350 million in 2020 – a 300% increase from the year prior. In some cases, organizations may even budget business costs related to ransomware or cyberattacks. This recent increase in the cost of ransomware attacks highlights a significant cybersecurity problem that businesses must proactively address.

Measures You Can Take to Protect Your Company

Some steps organizations can take to prevent severe financial or operational damages from ransomware or other cyberattacks in the future are listed below:

Train your employees: The best way to prevent ransomware attacks is to provide training for your employees. Employees should learn to spot phishing emails and resist the urge to click on links and open attachments. They should also learn to be cautious when visiting unknown or suspicious websites. Attending social engineering training will allow employees to be more aware of potential attacks and be less susceptible to other manipulative strategies.

Procedures to Collect Suspicious Activity: Once employees have been trained to spot and avoid social engineering tactics, it is best to have policies in place, so they know how to report suspicious activity. Not only will this make the IT department aware of potential weaknesses in the security systems, but it will also demand strict adherence to security measures as employees continue to work in the company.

Implement anti-virus and anti-spam software: There are many technologies that exist to protect your company from potential cybersecurity attacks. Anti-spam and anti-virus solutions are some of the best ways to reduce phishing, malware, and ransomware threats. Advanced anti-spam and anti-virus solutions can achieve spam detection rates in excess of 99.9% and identify 100% of inbound malware.

Go ‘Hunting’: A really helpful practice to protect your company against cybersecurity attacks is to actively seek out potential intrusions. This is called threat hunting and it’s an extremely effective tactic to combat ransomware attacks. According to the SANS 2017 Threat Hunting Survey, 91% of organizations that use threat hunting tactics cited improved speed and accuracy of response. Threat hunters know where to search for indicators of attacks and indicators of compromise. Some things they search for are:

  • Unusual outbound network traffic
  • Geographical irregularities
  • Swells in database read volume
  • Large numbers of requests for the same file
  • Suspicious registry or system file changes
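A minimal hunting pass over three of the indicators listed above (unusual outbound traffic, geographical irregularities, and many requests for the same file) can look like the following. This is an added example, not code from the original article; the record layouts, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample records (not real data); the field layouts are assumptions.
FLOWS = [  # (host, bytes sent outbound in one hour)
    ("ws-01", 40_000), ("ws-01", 52_000), ("ws-01", 47_000), ("ws-01", 45_000),
    ("ws-02", 38_000), ("ws-02", 41_000), ("ws-02", 36_000), ("ws-02", 9_500_000),
]
FILE_REQUESTS = [  # (client address, requested path)
    *[("10.0.0.7", "/exports/customers.csv")] * 25,
    ("10.0.0.8", "/index.html"), ("10.0.0.9", "/exports/customers.csv"),
]
LOGINS = [  # (user, source country), in time order
    ("alice", "US"), ("alice", "US"), ("bob", "US"), ("alice", "US"),
    ("bob", "US"), ("bob", "RO"),
]

def outbound_spikes(flows, factor=10):
    """Hosts with an interval whose bytes out exceed factor x that host's median."""
    per_host = defaultdict(list)
    for host, nbytes in flows:
        per_host[host].append(nbytes)
    return sorted(h for h, v in per_host.items() if max(v) > factor * median(v))

def repeated_file_requests(requests, threshold=20):
    """(client, path) pairs seen at least `threshold` times."""
    counts = Counter(requests)
    return sorted(pair for pair, n in counts.items() if n >= threshold)

def new_country_logins(logins, min_history=2):
    """Logins from a country never seen before for a user with prior history."""
    seen, hits = defaultdict(Counter), []
    for user, country in logins:
        if sum(seen[user].values()) >= min_history and country not in seen[user]:
            hits.append((user, country))
        seen[user][country] += 1
    return hits

def hunt():
    return {
        "outbound_spike_hosts": outbound_spikes(FLOWS),
        "repeated_file_requests": repeated_file_requests(FILE_REQUESTS),
        "new_country_logins": new_country_logins(LOGINS),
    }

if __name__ == "__main__":
    for indicator, findings in hunt().items():
        print(indicator, findings)
```

Each finding is a lead for an analyst to review against context such as backup jobs, travel, or scheduled exports, not a verdict on its own.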

Streamline cybersecurity plans in your ecosphere: Businesses are becoming increasingly dispersed as diverse tech stacks and platforms are being adopted. Thus, creating streamlined cybersecurity plans for all your partners is more essential than ever. As seen in the DSW cyberattack, incidents at your partner companies can also impact your company. Even if your company is not hacked, it is possible for hackers to get into your database through partner companies. Without strong cybersecurity practices, on all fronts, your company is still at risk of being held accountable if confidential data is leaked.

Create a recovery plan: While it is important to protect against cyberattacks, there is no way to guarantee absolute safety. Just as businesses have been updating their risk management policies to address the potential of a global pandemic, there’s a need for businesses to have in place a plan for returning to business operations as quickly as possible. This is also the case for cybersecurity. Your company should create plans for how you would respond to a cyberattack and lay out steps on how you will resume operations efficiently and effectively.

Taking these recommended steps and lessons learned from the Colonial Pipeline cyberattack can help prepare your company to successfully manage attacks on IT systems. It is important to consider how your company is preparing for and addressing cybersecurity concerns such as ransomware attacks. With data taking an increasingly important role in all businesses, it is more critical than ever to prioritize cybersecurity and protect your stakeholders and business. Clarkston offers cybersecurity consulting services that can help you ensure effective information and confidentiality protections for long-term success and sustainability.


Contributions by Courtney Loughran and Maggie Wong
