The Colonial Pipeline hack is causing chaos for consumers and concern among experts about the vulnerability of not only our energy sector but for businesses in all sectors.
RB Advisory’s CEO/Founder Regine Bonneau Shares Insight on the Colonial Pipeline Hack and Tips to Prevent it From Happening Again
(Winter Park, FL) May 11, 2021 – Cyber-attacks are a growing threat to America as companies and government entities find themselves vulnerable, even if they think they have systems in place to prevent such occurrences. According to statistics from Privacy.org, about 60% of cases occur within minutes and about 47% of breaches are the result of malicious or criminal intent. Colonial Pipeline, which has recently been attacked, carries gasoline and jet fuel from Texas up the East Coast to New York has been adversely impacted. While the company was not specific with the details of the situation, the White House and FBI disclosed it was due to a ransomware attack, in which criminal groups hold data hostage until the victim pays a ransom. This breach has heightened the vulnerability of the nation’s energy infrastructure to cyber-attacks.
Regine Bonneau, CTPRP, CEO/founder of RB Advisory LLC, a leader in security compliance and cyber risk management solutions for public and private businesses, shares her insight on the recent energy pipeline cyber-attack and what businesses can do to better protect themselves against such breaches.
Bonneau is a highly sought-after speaker within the cyber industry and recognized leader in several technology industry associations for her extensive knowledge and more than 20 years of experience in the field of cybersecurity, risk management and compliance in a variety of industries such as healthcare, financial, legal, government and energy sectors from small to large enterprises.
What Exactly Happened To Colonial Pipeline?
Regine Bonneau: “It is an unfortunate situation to observe the compromise of such a critical infrastructure that supports 45% of the East Coast’s fuel supply. Imagine if we were in the winter season. How would that impact us?
Sadly, this type of attack is happening more frequently, often on a smaller scale of which the general public is not being informed. This breach exposes the fragile state of the Supervisory Control and Data Acquisition (SCADA) Network and the Industrial Control System (ICS), which in my opinion has always been overlooked, not prioritized and as a result, diminished in importance when the opposite should be happening. As this investigation unfolds, we will realize that the attackers were present in the network for a long period of time prior to initiating this massive attack on Colonial Pipeline. It began over a couple of days where different controls were being tested undetected by the network. While there were likely some security solutions monitoring the network it obviously was not enough.”
Reports Said That The Colonial Pipeline Hack Was The Result Of Ransomware, What Is That Exactly?
Regine Bonneau: “Ransomware is a form of malware that once deployed encrypts files. It can be a targeted attack or spread across a network infrastructure, hence crippling a business operation, which can be life threatening. It is often initiated through a ‘phishing’ email campaign that contains malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website, which initiates the download and installation of a malware unbeknown to the user.”
How Does Ransomware Get Through?
Regine Bonneau: “An attack at this level that happens through ransomware is usually caused by a staff member’s credentials being compromised through a phishing email, the lack of education and awareness training for staff, and the diminished importance of cybersecurity at all levels from the board, ranging from management to operations and onto the technical team. An isolated SCADA network is at risk because the threat is from an insider, a trusted employee.”
Why Did This Happen?
Regine Bonneau: “Based on my previous experience and what we have learned working with a variety of Energy and Utilities companies, we found the following:
- Lack of prioritization of cybersecurity and compliance.
- Lack of proper cyber risk and security assessment for the SCADA network and the corporate network.
- Lack of security monitoring tools to understand the flow of internal and external traffic on the network infrastructure.
- Lack of email protection tools such as spam filtering.
- Lack of consistent and relevant education and awareness training for employees, staff, vendors and customers on a role and responsibilities-based approach.
- A lack of continuous vulnerability management and penetration testing (aka “pen testing”) of the network.
- The belief that the SCADA network is isolated from the corporate network; however, forgetting the human factor: the employees.
- Lack of tested policies, procedures and documentations.
- Patch management is not part of the process, which leaves the software and system working without security and undetected vulnerabilities.”
How Ill Prepared Is Our Country And Our Businesses?
Regine Bonneau: “The country is ill prepared due to a lack of resources in both funding and skill set. There needs to be a proper prioritization and importance of cybersecurity. Businesses need to understand and take responsibility for the guidance and implementation of cybersecurity and how it works.”
What can be done to reduce the chances that this type of breach occurs again?
Regine Bonneau: “There are five primary recommendations or ‘tips’ that businesses can implement to protect against this type of threat:
1) Consult with a cybersecurity expert or company that specializes in these services. 2) Next, conduct a full Cyber Risk and Security Assessment across the organization and the industrial network. 3) Consistent, continuous, and relevant education and awareness training for employees, staff, vendors and customers is critical. 4) It is also important to conduct a quarterly Pen Testing to properly assess internal and external networks. 5) Finally, conducting a Business Impact Analysis is key to really understanding the pre-and-post effects. Cybersecurity must be a top priority.“
About RB Advisory
Companies rely on RB Advisory for their holistic cyber risk management program. RB Advisory provides private sector and government clients with proven solutions and services to help protect their most important assets: data, clients, and their people. Recognized both locally and nationally as a highly qualified and trusted security compliance and cybersecurity firm, RB Advisory works with clients across a wide range of industries including healthcare, financial, legal, government, education, energy, technology, telecom, and retail. The company recently celebrated its fifth-year anniversary in March. Visit www.rbadvisoryllc.com to learn more.