
Why the Colonial Pipeline Attack Should Be a Wake-Up Call to Small Businesses

Securing a business or organization from IT threats is a continuous challenge, requiring IT security teams to continually monitor their infrastructure for incidents, quickly identify and address threats, and pinpoint and remediate emerging vulnerabilities. Despite the rising threat of cybercrime, many businesses still don’t prioritize cybersecurity. Yet the recent Colonial Pipeline cyberattack is the latest example of what happens when an organization fails to safeguard its IT infrastructure. The company’s failure to do so illustrates the steps you must take and the mistakes you must avoid to protect your business.

The Colonial Pipeline Cyberattack

Carrying oil from Houston, Texas to much of the Southeastern U.S., the Colonial Pipeline was hit by a ransomware cyberattack on Friday, May 7, 2021. The attackers, widely reported to be a Russia-based cybercrime gang known as DarkSide, encrypted a number of assets on Colonial Pipeline’s operational technology (OT) network at one of its natural gas compression facilities. As a result, Colonial Pipeline operators were no longer able to read or access operational data in real time from many low-level OT devices. The Colonial Pipeline Company, believing the attackers might further compromise its operations, shut the pipeline down.

Subsequently, news outlets reported that DarkSide had also stolen 100 GB of data from the company. If Colonial Pipeline did not pay a ransom of 75 bitcoin (approximately $5 million), not only would assets on their OT network remain encrypted, but DarkSide would also publish the data they had stolen on the Internet. Within several hours of the attack, the company paid the ransom and, in exchange, received an extremely slow decryption tool. Colonial Pipeline was only able to begin restoring operations the evening of Wednesday, May 12, though they expected intermittent service interruptions to occur for several days afterward.

The Colonial Pipeline attack was the largest cybersecurity attack on critical U.S. infrastructure in history. Six days of downtime did a lot of damage and prompted “State of Emergency” declarations from President Biden on May 9, as well as from the governors of affected states. The resulting fuel shortage not only delayed a handful of American Airlines flights but also caused panic buying at filling stations in five states (including Florida), exacerbating the impact of the pipeline attack and driving up fuel prices.

IT security professionals will tell you that it’s not a matter of if you get hit by a cyberattack, but when. Initial analysis from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), industry publications, and other preliminary postmortems provides some insight into how this happened, which can help you mitigate the risk of suffering the severe outcome the Colonial Pipeline Company endured.

How The Attack Occurred

According to CISA, the attack was executed through a spearphishing link, a common form of cyberattack in which attackers attempt to get a user to download malware by clicking on a link they are sent. Further, CISA noted that Colonial Pipeline did not employ robust security measures to segment its OT network from its IT network. Failing to do so allowed the malware that employees had inadvertently introduced to the IT network to compromise the OT network as well. After the attack, the Associated Press published a story about an IT security audit of Colonial Pipeline that had taken place three years prior. The auditor, iMERGE, found significant vulnerabilities in the system, including the lack of a dedicated cybersecurity manager, employee cybersecurity awareness training, and a data loss prevention program.

While Colonial Pipeline, responding to the story, noted that it had made significant improvements since the audit, the extent of those improvements is not clear. What is clear is that glaring deficiencies remained. According to CISA, Colonial Pipeline’s emergency plan did not contain procedures for dealing with cyber incidents. As a result, response time and decision-making were impaired once the attack became evident. Further, the company indicated to the agency that it had gaps in knowledge about cybersecurity threat planning and response. In fact, a few weeks before the attack, Colonial Pipeline had posted a job description for a cybersecurity manager but had not yet filled the position.

Colonial Pipeline lost the $5 million it paid to DarkSide and considerable revenue during its shutdown. Given the vital role it plays in the nation’s infrastructure, it remains to be seen what the long-term revenue implications are from both the incident and the resulting reputational damage. However, the company will almost certainly face increased regulatory scrutiny, with potentially costly mandates ahead. Already, the head of the Federal Energy Regulatory Commission, Richard Glick, alongside other politicians such as Florida’s own Senator Marco Rubio, has called for all oil pipelines to be subject to mandatory cybersecurity standards. The industry is currently exempt. Further, the industry already faced stagnating growth, even before the Biden administration’s call for alternative energy use. This incident may hurt any expansion efforts the company or its industry peers were planning.

Takeaways For Businesses Across Industries

No business owner or manager should believe that cybercriminals won’t target their business because of its size. In a recent Fox and Friends interview, Rubio noted, “there are plenty of businesses out there who get hit with these ransomware attacks and never report it.” Indeed, according to the FBI’s 2020 Internet Crime Complaint Report, reported cybercrimes in 2020 rose a whopping 69 percent over 2019 levels, and phishing tactics were used in more than a third of reported cases. More than 19,000 reported email compromise scams cost firms of all sizes (as well as individuals) $1.8 billion. This figure is separate from the 2,474 reported ransomware scams in 2020, the total losses from which are unknown.

In other words, your business, regardless of size or industry, could easily be targeted by an individual or cybercrime gang. It’s imperative that, if you don’t already, you prioritize your cybersecurity now by:

Segmenting and Securing Your Networks

Whether you’re operating a pipeline or not, it’s important to incorporate strong security measures across your networks to safeguard your assets. When end users at Colonial Pipeline accessed the spearphishing link through the communications network, the resulting malware spread to the OT network because the two systems were not compartmentalized.

Segment and secure key operational systems from your communications network to minimize the damage resulting from a breach of the latter.

Developing Cybersecurity Disaster and Business Continuity Plans

Too often, businesses remain mired in the outdated perspective that disasters are only physical. Colonial Pipeline failed to incorporate cyberattacks in its disaster planning and lost critical time trying to determine and then coordinate the appropriate response.

Make sure your firm’s emergency preparedness plan includes response protocols for a full range of potential cybersecurity incidents, as well as measures your firm takes to resume operations as soon as possible.

Conducting Employee Cybersecurity Awareness Training

DarkSide’s attack was successful because an employee (or several) was tricked into downloading its ransomware. While Colonial Pipeline shared with the Associated Press that it had implemented cybersecurity awareness training in the wake of the iMERGE audit, knowledge gaps remained, as per the company’s own disclosure to CISA.

Conduct regular cybersecurity awareness training with your employees. Make sure that your training is continuously updated to incorporate new and emerging threats. Doing so is especially critical given the pandemic-induced transition to remote work for many employees. Remote work can help businesses remain operational in the face of the current public health crisis but also presents new vulnerabilities for cybercriminals to exploit.

If you want to safeguard your firm but either don’t know where to begin or don’t have the in-house expertise to get started, Palindrome Consulting can help. Moving to our managed IT services can help you safeguard your IT assets and your business. We stay on top of cybersecurity threats so that you don’t have to. Not only will you save time and money, but we’ll work tirelessly to keep your data secure, identify and address any and all attempted attacks, and help you minimize your business risk. Contact us today for a free consultation.
