Cybersecurity Measures Under Scrutiny Following Colonial Pipeline Incident: Is Enough Being Done to Prevent Similar Attacks?

In the two years since the Colonial Pipeline incident, essential infrastructure providers appear not to have taken significant steps to preemptively counter potential cyber-attacks.

Are current cybersecurity precautions sufficient to avert another Colonial Pipeline hack?

In a digital world where cyber threats are ever-present, ransomware attacks have emerged as a significant concern for organizations across various sectors. According to recent findings by Verizon, 82% of all breaches involve humans, often through phishing, smishing, or other errors.

Amid this rising threat, it is concerning that fewer than one-third of companies currently use multifactor authentication, a basic measure that can prevent common types of ransomware attacks.

Over the past two years, organizations in sectors such as healthcare, education, local government, and critical infrastructure have been hit hard by ransomware attacks. In response, healthcare providers have implemented measures aligned with the NIS-2 Directive, including risk assessments, incident response planning, continuous security monitoring, staff cybersecurity training, and mandatory reporting of incidents within 72 hours to authorities. Many organizations have also adopted advanced ransomware detection and response solutions.

The devastating impact of ransomware attacks was evident in 2021 when the Colonial Pipeline, one of the largest oil pipelines in the United States, was shut down due to a ransomware attack. The shutdown affected millions of businesses, consumers, and travelers from Texas to New York. The incident led to the issuance of the first-ever cybersecurity regulations for pipelines by the Department of Homeland Security.

The Biden administration is seeking $26 billion in cyber funding for the 2024 fiscal year, reflecting the growing importance of cybersecurity. However, despite government action, ransomware cases against critical infrastructure entities increased to 870 in 2022.

The FBI and Cisco have warned of Russia-linked hackers targeting critical infrastructure organizations, while the China-nexus threat actor Silk Typhoon has been identified as targeting cloud environments. Researchers have also warned of a zero-day vulnerability in Sitecore products and NetScaler.

To combat these threats, organizations should regularly check for technology updates, adhere to NIST- and CISA-recommended frameworks, run vulnerability assessments, and schedule user training to maintain cybersecurity awareness. Regular user training in basic security best practices is a crucial step in mitigating the risk of breaches caused by human error.

In addition, implementing a zero trust framework that adheres to all elements of NIST and CISA guidelines is important for handling human failures. Companies should also have a clear plan for communicating with stakeholders and the public in the event of an attack.

Moreover, outdated hardware and software leave companies vulnerable to known ransomware attacks. To address this, U.S. agencies are now required to post a software bill of materials.

Finally, companies need a thorough response plan in place for ransomware attacks, including business continuity, disaster recovery, and data recovery components. Continuous assessment of security posture is necessary for critical infrastructure organizations to avoid leaving data exposed.

The humble printer, often overlooked, can also highlight security flaws. As we navigate this digital landscape, it's crucial for organizations to stay vigilant and proactive in their cybersecurity measures.
