By George Ralph, Global MD and CRO
We are talking about cyberattacks more in 2021 than ever before. That might be because we know more about them; technological advancements in AI and machine learning allow us to see the analytics of an attack in detail; or it could be the realisation that we have a sweeping global problem and keeping quiet will not solve the issue. I think it’s the latter.
I have watched the reaction to last week’s ransomware attack on the Colonial Pipeline organisation with interest. The consequences of the event, which in all probability could have been prevented, have been wide ranging. Business leaders all have a responsibility to focus on prevention rather than reaction when putting their policies and procedures around cyber security in place.
It’s interesting to see that DarkSide, the organisation behind the ransomware attack, didn’t intend the widescale disruption that they created. This is a major point to consider when discussing cyber attacks: the intention of the hacker versus the reality of their actions. Hackers can often only see part of the network they are infiltrating, so can be unaware of the knock-on effect or the decisions that will be taken in the wake of their attack. In the Colonial instance, the company itself chose to shut down their physical operation once they became aware of the problem. Not knowing how far-reaching the DarkSide infiltration was, it was their only option while they reviewed the breach. This was not the intention of DarkSide who, it seems, had meant only to attack legacy IT hardware within the organisation and hold the systems ‘ransom’ for a cash reward. They did not set out to disrupt the physical pipeline itself.
DarkSide are rumoured to have disbanded as the furore centred around the organisation has grown. Most cyber hackers will pop up elsewhere under a different guise, so it is unlikely to be the last we hear from them. DarkSide have previously portrayed themselves as rather heroic figures, targeting large corporations for cash in ransomware attacks. Shutting down over 5000 miles of national US infrastructure, the end result affecting normal citizens, was not on the agenda. Defences of national infrastructure by governments all over the world have been low for years and cyber criminals know that, so their focus on ransomware attacks of private businesses does suggest that the fallout at Colonial was more than DarkSide had anticipated.
There are so many lessons to take from last week’s attack. A great cybersecurity profile relies on technology, process and procedures and user engagement to be really successful. Each strand supports the others to achieve best practice. It doesn’t work to have great new digital solutions bolted to legacy hardware; a business needs to assess its overall digitisation strategy to build a cognizant cybersecurity solution. AI tools allow a business to monitor threats, action preventative measures and manage the overall threat landscape. If an attack does infiltrate an organisation, having the means to accurately report on where the breach took place and how and where the attack has affected the business allows minimal disruption, unlike the situation at Colonial.
Not having the means to monitor, prevent and manage cyber attacks leaves a business wide open to unknown intrusions that cannot be managed without a massive and ongoing impact. Learn from last week’s attack at Colonial and superimpose that ransomware attack on your business. Do you have good enough cyber hygiene in place should an external or internal bad actor target your network?