Lessons Learned From The Colonial Oil Pipeline Attack

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

May 6, 2021 will be a day that goes down in history. This is the day the Colonial Oil Pipeline went down, causing a nationwide disruption. Even though the pipeline only services a portion of the east coast, the effects of the shutdown were felt across the country.

Gas prices skyrocketed, lines at gas stations were so long it took hours to get through, and gas stations were pumped dry as people bought gas and put it in whatever container they could gather just to assure themselves they would have enough to get through the closure.

If you think about it, this type of ripple effect is not confined to energy and utility providers. While the scale of the effect would not be at the level of the pipeline, the devastation it could leave in its wake for your business and your customers is just as likely.

What’s the big deal?

To start, part of what rocked many in the cybersecurity industry is that no matter the size of your business, or the expertise of your cyber professional staff, no one is immune to an attack. These malicious hackers are so well-funded (some even by their government, as was the case with Colonial) and highly skilled that applying even the best cybersecurity practices is like playing whack-a-mole.

As soon as you patch a hole, they find another and the game begins again. So the problem is deeper than just improving cybersecurity. However, there are things you can do that can reduce the risk of falling victim to a cyber attack.

Effective password management

Initial surveys are suggesting that one of the biggest problems with Colonial Oil’s cybersecurity was inadequate passwords. Cypress Data Defense lists some of the biggest password mistakes that open your network to increased risk.

They are: weak passwords, using the same password across multiple sites, and password recovery systems with generic authentication questions (e.g., birthday, pet’s name, etc.). Some ways to counteract potential password problems are to enforce strong passwords, set up two-factor authentication, encrypt system passwords, and install stronger authentication rules for lost passwords.

Outdated software

Another problem found for Colonial Oil was that an outdated version of Microsoft Exchange was still in service, creating an opportunity for unknown users to access their network.

In early March, Microsoft announced four vulnerabilities on the Exchange server that syncs email and calendar functions. This “gap” allowed hackers to gain access to users’ email accounts and install malicious code on the organizations’ servers.

While Microsoft reacted quickly and developed patches for the gap, it’s clear that Colonial Oil did not update theirs in time. This is why updating software is so important and needs to be done proactively and frequently. One of the best ways to counteract this risk is to set a schedule for routine software updates, one that minimizes the disruption to your employees while helping you maintain effective security for your network.

Lack of cyber education for employees

Phishing attacks have increased by 11 times since 2016, according to the FBI, and nearly doubled from 2019 to 2020. 96% of phishing attacks are delivered via e-mail and 74% of attempts in the US are successful, highlighting the significant need for thorough, effective staff cybersecurity education.

The challenge remains…

Cyber criminals are increasingly industrialized and well-funded – meaning they have resources well above what the average business could manage.

As a result, they are able to evolve rapidly and strategically, and cyber defense has been unable to evolve as quickly. While there is no foolproof cyber protection, following the general best practices can put you in the right direction to significantly reduce your cyber-risk.

How to prevent cyberattacks

Even with such significant growth in the rate of cyberattacks, all hope is not lost. TechRepublic recently compiled a list of 10 things you can do to help prevent your business from being a victim of ransomware. While speaking specifically to ransomware, the same principles can be applied to malware and other hacking protocols. These are taken directly from TechRepublic and include:

1. Keep clear inventories of all of your digital assets and their locations, so cyber criminals do not attack a system you are unaware of.

2. Keep all software up to date, including operating systems and applications.

3. Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.

4. Back up all information to a secure, offsite location.

5. Segment your network: Don’t place all data on one file share accessed by everyone in the company.

6. Train staff on cybersecurity practices, emphasizing not opening attachments or links from unknown sources.

7. Develop a communication strategy to inform employees if a virus reaches the company network.

8. Before an attack happens, work with your board to determine if your company will plan to pay a ransom or launch an investigation.

9. Perform a threat analysis in communication with vendors to go over the cybersecurity throughout the lifecycle of a particular device or application.

10. Instruct information security teams to perform penetration testing to find any vulnerabilities.