Are you curious how the largest attack on US energy infrastructure, Colonial Pipeline, was accomplished?
It was ENTIRELY and EASILY preventable. The VPN password was compromised or guessed.
Lack of preparation and monitoring allowed hackers to gain access to Colonial Pipeline’s systems. Even a basic understanding of cybersecurity best practices would have prevented this whole mess.
If they had done even one of these steps to protect themselves, the attack could have been prevented:
- When employees leave, make sure you remove their credentials from the server and VPN device. When Micro Doctor does a free security audit, too often we find employees who have not logged in for months or even years but whose credentials are still active. Clean up those old accounts and disable or delete them.
- A best practice in cybersecurity is to set up GeoIP filtering in a firewall to block traffic from foreign countries, especially those countries that have a higher cybercriminal population.
- Monitoring VPN logs is not an easy step; however, doing so could have caught the attack earlier. Say someone from Russia logs in, shouldn’t that be fairly easy to stop or detect?
- Lastly, the easiest way to protect yourself from cyber attacks is using Multi-Factor Authentication (MFA). MFA would have stopped this dead in its tracks. Many cyber insurance policies now require MFA to be implemented. Get that step done and sleep better at night knowing you are protected.
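The account cleanup and VPN log checks from the list above can be scripted. This is an added example, not code from Micro Doctor or Colonial Pipeline. The log format, account names, dates and the 90-day threshold are all constructed assumptions.

```python
import csv
from datetime import datetime, timedelta

# Constructed sample: timestamp, user, source country, result. The country
# column is assumed to come from the VPN appliance or a GeoIP lookup.
SAMPLE_LOG = """\
2022-06-10T02:00:00,oldvpn,US,success
2023-03-01T08:01:12,asmith,US,success
2023-03-01T08:15:40,bjones,US,success
2023-04-28T08:03:55,asmith,US,success
2023-04-29T02:17:09,oldvpn,RU,failure
2023-04-29T02:17:31,oldvpn,RU,success
2023-04-29T09:00:02,bjones,US,success
"""
# Constructed list of accounts still enabled on the VPN device.
ENABLED = {"asmith", "bjones", "oldvpn", "contractor1"}


def review_vpn_log(log_text, enabled, allowed_countries, dormant_days, now):
    """Return (alerts, stale): suspicious logins and enabled-but-unused accounts."""
    window = timedelta(days=dormant_days)
    last_success, alerts = {}, []
    for ts, user, country, result in csv.reader(log_text.splitlines()):
        when = datetime.fromisoformat(ts)
        # Any attempt from outside the expected countries, even a failed one.
        if country not in allowed_countries:
            alerts.append((ts, user, f"{result} login from {country}"))
        if result == "success":
            prev = last_success.get(user)
            # An account that was silent for longer than the window comes back.
            if prev and when - prev > window:
                alerts.append((ts, user, f"dormant {(when - prev).days} days, now active"))
            last_success[user] = when
    # Enabled accounts with no successful login inside the window are
    # candidates to disable or delete.
    stale = sorted(u for u in enabled
                   if last_success.get(u, datetime.min) < now - window)
    return alerts, stale


def demo():
    return review_vpn_log(SAMPLE_LOG, ENABLED, {"US"}, 90, datetime(2023, 5, 1))


if __name__ == "__main__":
    alerts, stale = demo()
    for alert in alerts:
        print(*alert, sep="  ")
    print("stale accounts:", stale)
```

In this sample `oldvpn` drops out of the stale list once it logs in again, so the dormancy alert is the only sign the account had sat unused. That is why the cleanup has to happen before anyone tries the old credentials.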
How to never pay a ransom?
BACKUP! Why couldn’t Colonial Pipeline just restore their backups instead of paying $4.4 Million in ransom? You should always have a backup that you can restore from quickly and even spin up a virtual server. This protects you from not only paying a ransom but also from losing money from downtime during business hours.
These are things every company should do. Not having these things in place has cost Colonial Pipeline not only money but their reputation as well. It also had a huge impact on the US economy and Stock Market.
What can you do?
If you aren’t sure your company is doing these things, Micro Doctor IT can help. Make sure you're doing all the right things to prevent situations exactly like what happened at Colonial Pipeline. Reach out to Sales@microdoctor.com or call 330-898-2100 x1 for more information or a free security audit.
Read the article from the CEO of Colonial Pipeline.
Written By: Mark Richmond, Chief Security Officer at Micro Doctor IT