Attacks on critical infrastructure have been a major concern for years, a decade at least, but they have accelerated in recent months after two heavily publicised breaches in the US (the SolarWinds intrusion by Russia’s main intelligence service, and another against some Microsoft-designed systems that has been attributed to Chinese hackers) highlighted the vulnerability of the networks and infrastructure on which the government and corporations rely. This week another ransomware attack has become big news, this time at Colonial Pipeline, the privately owned fuel pipeline from Texas to New York. We don’t yet know why the total shutdown of the pipeline happened (it could have been to prevent additional attacks rather than the pipeline having been disabled as part of the attack), and we don’t know if the ransom was paid. But what we can do is look at how such an important part of the US energy infrastructure was taken out of service by hackers, and what we can do to prevent such measures being taken against our own businesses.
Colonial haven’t been able to cover up the attack as they needed to explain why the pipeline was shut down. Being the victim of a cyber attack can have a far-reaching effect on the reputation of a firm. In the alternative investments market we would cite the consequences of a successful attack as financial loss, a breach of client data or a system shutdown. The reputational cost of such a breach isn’t really calculable. Consequently, in order to protect reputations, I imagine we only hear publicly about a small proportion of the ransomware breaches that happen. The extent of the real problem is unknown and probably unimaginable. The vast scale and complexity of the internet, combined with the ability of the hackers (some of whom are part of organised crime groups, and some of whom, it has been suggested, work for opposing nations’ governments), means that action from government agencies worldwide is struggling to make a dent in the problem.
The best form of defence is prevention, and there is no question that preventing cyber attacks requires specialists. State-of-the-art defences, including machine learning tools, AI and behavioural analysis tools, can monitor platforms and applications as well as human behaviour. By deploying a 24/7 Security Operations Centre (SOC) to manage the reporting on those tools, a firm can rest assured that its networks are being monitored even when its own staff are not working. Using a SOC staffed by specialist engineers who actively monitor networks for anomalies and are trained to detect known threats is a great way to block attackers and infiltration tools before it is too late.
Every time a firm opens up a new connection, there is a risk of cyber attack. Ransomware is just one of the debilitating options hackers use to hold your business to ransom, professionally and financially. The RFA managed security service combines continuous monitoring of endpoints, networks, applications and web resources with user behaviour analytics and investigations by teams based in our own dedicated SOC. The ability to observe behaviour and activity continuously in real time and correlate the data across thousands of events each day means RFA’s AI solutions have far better reach and scalability than traditional cybersecurity solutions. This joined-up approach between machine-learning-enabled technologies and security experts means your endpoints have the same security as your network, preventing threats from entering at any point and moving laterally.
If you would like to talk more about any concerns you have for your firm, please do get in touch.