How to protect your business from a hack like Colonial’s
Although the immediate ramifications of the Colonial Pipeline hack have since subsided, its implications are still being felt across all industries. We have become aware of our dangerous vulnerability to malicious actors. This has led many industry professionals to question whether their systems are prepared for such an attack. In order to answer this question, it is first important to understand what happened to Colonial.
How did this happen?
While the details on the story are hazy, since Colonial has not released them, what we do know is on May 6th, 2021, Colonial was hacked by the hacking group Darkside, who used ransomware on Colonial. To isolate the threat, Colonial shut down their own pipelines. Almost immediately after the breach was discovered, Colonial paid about $5 million in Bitcoin to Darkside, but it still took the company about a week to get their operations up and running again.
Ransomware hacks usually follow a basic pattern. First, they infect a computer in their target organization. This can happen through a variety of methods. An employee could have clicked on a dangerous link in an email, downloaded an infected file, etc. The hackers then spread the virus throughout the network and encrypt the network’s data. Colonial shut down their own pipelines because of this; a hack that likely started with one computer could have spread to their entire system. By shutting down all systems, Colonial contained both the damage and the amount of data the hackers could access and encrypt.
Once the data has been encrypted it cannot be accessed. The hackers will leave a message on the computer with a ransom note, which essentially says if you do not pay you will not get your data back. The hackers may also threaten to release the data, which can include confidential information, if the ransom remains unpaid. Payment is usually demanded in Bitcoin, as it is significantly more difficult to track than traditional currency.
How can I protect my business?
Unfortunately, protection against an initial infiltration can never be 100% guaranteed, because human error can never be entirely eliminated. All it takes is one employee’s momentary lapse in attention, one wrong click, and the hackers are in. The good news, however, is that the risk can be significantly minimized through effective user awareness training, good anti-viral software, and consistent server backups.
As we discussed in previous articles, effective user awareness training, such as the one provided by DDKinfotech, can reduce phishing victimization rates from 10-25% to 2%. We also provide our clients with new cutting-edge software programs, that can recognize and isolate malware with unprecedented success. The triumph of these programs lies in their nature. Malware runs differently than other kinds of software, and these new programs can identify malware’s unique footprint and immediately alert the user of the attack, while simultaneously reversing the damage the malware is inflicting.
Server backups are the final piece of the puzzle. For example, DDKinfotech provides multiple independent backups for our clients. Should a data breach occur, data can be recovered to the most recent server backup, which could be as recent as 30 minutes prior to the ransomware attack. Not only is this important because it gives the hackers significantly less leverage, but it is also important because for most businesses time is money. Every minute lost translates into lost profits. By having multiple independent backups, businesses can reduce the amount of lost time (and profit) from days to minutes, should a data breach occur.
The lesson of Colonial is that we are all vulnerable. No man, business, or institution can entirely protect itself from a hack. The most effective methods of protection are therefore education, strong firewalls, and consistent backups. It is through this three-step process that you can protect yourself and your business from hackers like Darkside.