Author: George Ralph
What action needs to be taken in the wake of the Colonial Pipeline ransomware attack?
The Colonial Pipeline ransomware attack has sparked debate and comment internationally over the past few days. But, as a technology provider to firms around the world that hold extremely sensitive data, this is not a new conversation at RFA. There have been some hugely significant cyber attacks over recent months, and surely lessons have been learned. Yet in some quarters there is still a lack of responsibility around cyber defences. This might be down to a lack of understanding, but it can also be the ‘it’ll never happen to me’ mantra. The ransomware attack on Colonial shows us yet again that it can happen to any business. None of us, as business leaders, should expect anyone else to be responsible for our own businesses but us.
The Colonial fuel pipeline is part of the energy infrastructure of the US, supplying nearly half of the fuel consumed on the East Coast. The knock-on effect of the Colonial shutdown in the wake of the cyber attack is now evident at ground level. Reports are coming in of fuel price increases and of fuel stations being run dry by panicked motorists. Attacks like these are hard evidence that as we continue to digitise workflows at any scale, up to and including national infrastructure, we need to review our overall technology architecture. Digital transformation is a wonderful thing, but you must look at the whole picture, not just the operational front end.
The Biden administration has acted quickly, with the President signing an executive order yesterday aimed at strengthening US cybersecurity defences. The order requires IT service providers to report cyber attacks that could impact US government networks, removing any contractual obligation to the contrary; it also improves information sharing and sets security standards that federal agencies must meet. These requirements do not, however, extend to privately owned businesses.
The cybersecurity problem is so large and unwieldy that the only way to make a significant impact is for every business to act. Take the SolarWinds attack. The attackers gained access to the vendor’s network management software, inserted thousands of lines of malicious code into a legitimate update of that software, and watched as that update was delivered to up to 18,000 organisations globally. We are not just responsible for our own business; we have a responsibility to every organisation we communicate with too. A single remote device with unpatched security vulnerabilities can be the entry point for devastating financial and reputational damage to your business.
However, all the while the cyber criminals have been advancing their capabilities, cyber security capabilities have been advancing too. Protection against cyber threats is possible, and here is how. RFA’s Managed Detection and Response (MDR) service is a true end-to-end security solution for your firm. It provides real-time, 24/7 risk detection and containment built on machine learning and AI: MDR detects a threat, contains it, and produces the reporting that allows for forensic investigation of the threat after the event.
Our real-time, ‘always on’ threat detection monitoring applies behavioural analysis, using machine learning and AI to monitor inbound and outbound connections as well as activity across all your systems and platforms. Looking for anomalies in the behaviour of a person or device, and for malicious links or payloads, the automated system can react to abnormalities and security threats in real time. Fully integrated with the third-party systems and platforms in your cloud, MDR provides a 360-degree security view of your network.
MDR incorporates a full Endpoint Detection and Response (EDR) programme. The number of entry points into a network, and therefore the number of security risks, has grown massively, and most of that growth is made up of endpoint devices that connect to multiple networks. EDR monitors processes and executables on the endpoint and watches for signs of adversarial activity. Leak detection and alerting preserve the integrity of corporate data at the endpoint, while MDR correlates events across endpoints to provide predictive alerting and identify risk.
Events and security logs are funnelled to our Security Operations Centre (SOC), where RFA’s AI-driven Security Information and Event Management (SIEM) system aggregates and correlates them, streamlining reporting and supporting ongoing investigation.
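The behavioural-baseline and correlation idea behind the MDR, EDR and SIEM paragraphs above, reduced to a runnable sketch. This is an added example written for this page, not RFA’s code or the logic of any product. The telemetry is constructed, and the field names (ts, host, type, proc, dst, path), the ten-minute correlation window and the user-writable path markers are assumptions chosen for illustration. The point it makes is that a single anomaly (a process talking to a new destination) is low-value on its own, and that correlating it with an endpoint event on the same host is what turns it into an actionable alert.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry of the kind an EDR agent and a firewall would
# forward to a SIEM. The field names (ts, host, type, proc, dst, path) are an
# assumption for this example, not a real vendor schema.
BASELINE_EVENTS = [  # a "known good" learning window (assumed clean)
    {"ts": "2021-05-03T09:00:00", "host": "ws-01", "type": "net_out", "proc": "chrome.exe", "dst": "203.0.113.10:443"},
    {"ts": "2021-05-03T09:05:00", "host": "ws-01", "type": "net_out", "proc": "outlook.exe", "dst": "203.0.113.20:443"},
    {"ts": "2021-05-03T09:07:00", "host": "ws-02", "type": "net_out", "proc": "chrome.exe", "dst": "203.0.113.10:443"},
]
DETECTION_EVENTS = [  # a later window to be checked against the baseline
    {"ts": "2021-05-10T08:59:00", "host": "ws-01", "type": "proc_start", "proc": "chrome.exe",
     "path": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"},
    {"ts": "2021-05-10T09:01:00", "host": "ws-01", "type": "net_out", "proc": "chrome.exe", "dst": "203.0.113.10:443"},
    {"ts": "2021-05-10T09:02:00", "host": "ws-01", "type": "net_out", "proc": "chrome.exe", "dst": "198.51.100.5:443"},
    {"ts": "2021-05-10T09:05:00", "host": "ws-01", "type": "net_out", "proc": "svc.exe", "dst": "198.51.100.9:443"},
    {"ts": "2021-05-10T09:10:00", "host": "ws-02", "type": "proc_start", "proc": "update.exe",
     "path": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe"},
    {"ts": "2021-05-10T09:12:00", "host": "ws-02", "type": "net_out", "proc": "update.exe", "dst": "198.51.100.77:8443"},
    {"ts": "2021-05-10T09:30:00", "host": "ws-01", "type": "net_out", "proc": "outlook.exe", "dst": "203.0.113.20:443"},
]

# Path fragments that mark a user-writable location (assumed list). A binary
# launched from one of these and then talking outbound is a classic post-phishing pattern.
USER_WRITABLE = ("\\Users\\", "\\AppData\\", "\\Temp\\")
CORRELATION_WINDOW = timedelta(minutes=10)  # assumed window for tying endpoint and network events together


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def learn_baseline(events):
    """Map each (host, process) that talks outbound to the destinations it was seen using."""
    known = defaultdict(set)
    for e in events:
        if e["type"] == "net_out":
            known[(e["host"], e["proc"])].add(e["dst"])
    return known


def launch_from_user_path_before(events, host, when, window=CORRELATION_WINDOW):
    """Return the most recent process start on `host` from a user-writable path within `window` before `when`."""
    hits = [e for e in events
            if e["type"] == "proc_start" and e["host"] == host
            and when - window <= _ts(e) <= when
            and any(marker in e["path"] for marker in USER_WRITABLE)]
    return max(hits, key=_ts) if hits else None


def detect(baseline_events, events):
    """Flag outbound connections that deviate from the baseline, escalating the
    severity when an endpoint event on the same host explains the deviation."""
    known = learn_baseline(baseline_events)
    alerts = []
    for e in sorted(events, key=_ts):
        if e["type"] != "net_out":
            continue
        key = (e["host"], e["proc"])
        if key in known and e["dst"] in known[key]:
            continue  # matches learned behaviour, no alert
        if key in known:
            severity, reason = "low", "known process, new destination"
        else:
            severity, reason = "medium", "process never seen making outbound connections"
            launch = launch_from_user_path_before(events, e["host"], _ts(e))
            if launch is not None:
                severity = "high"
                reason += f"; launched from {launch['path']} at {launch['ts']}"
        alerts.append({"ts": e["ts"], "host": e["host"], "proc": e["proc"],
                       "dst": e["dst"], "severity": severity, "reason": reason})
    return alerts


if __name__ == "__main__":
    for a in detect(BASELINE_EVENTS, DETECTION_EVENTS):
        print(f"{a['ts']} {a['host']} {a['severity']:6} {a['proc']} -> {a['dst']}: {a['reason']}")
```

Running it yields three alerts: a low one for chrome.exe reaching a new destination, a medium one for svc.exe on ws-01 making outbound connections for the first time with nothing on the endpoint to explain it, and a high one for update.exe on ws-02, because the same host launched that binary from the user’s Temp directory two minutes earlier. The two caveats a practitioner would raise are that the baseline is only as trustworthy as the learning window (if the attacker was already present, their traffic becomes "normal"), and that a real SIEM correlates far more signals than process path and destination; the structure of baseline, deviation and cross-source correlation is the same.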
Cyber-attack prevention is, however, as we have said, everyone’s responsibility, and even the newest AI and machine learning detection models are more effective when every member of staff plays their part. RFA works with its clients to provide comprehensive staff training on how to spot phishing attacks and what to do when faced with one. We also implement multi-factor authentication across our client networks and work with individuals on how to secure their home and satellite office systems effectively.
As technology continues to advance, we are working with clients to provide further ways to secure data and protect staff, clients and business flow. Through public cloud solutions we are able to deliver secure desktops, manage access to data and create secure collaborative solutions, both internally and with third-party vendors. Designing a best-of-breed solution for every client, RFA’s MDR gives market-leading performance and peace of mind, 24/7. If you aren’t confident that your business has the cybersecurity structure it needs, now really is the time to act. We can’t keep relying on other people’s bad luck to be our warning.