The Colonial Pipeline Ransomware Attack — How Would The Same Attack Affect Your Business?
Ransomware has once again made headlines, this time thanks to an attack on Colonial Pipeline. What lessons should you learn from this cybercrime event?
A ransomware attack against Colonial Pipeline has resulted in a widespread shortage of gas across the country. The encryption of the petroleum supplier’s systems forced them to shut down operations for a number of days, highlighting the vulnerability of critical US infrastructure to cybercrime attacks.
Given that Colonial Pipeline is a massive and vital US business, they will undoubtedly survive the event. Like major banks, they are “too big to fail”.
However, in the fallout of an event like this, it’s important to ask yourself how it would play out if it happened to you and your business. Would you be able to survive a ransomware attack?
Ransomware Has Never Been More Common Or More Dangerous
Cybersecurity industry leaders Datto recently released their Global State of the Channel Ransomware Report, developed from statistics reported by over 1,400 survey respondents. Managed service providers, channel partners, and Datto clients help to paint a stark picture of the rate at which ransomware is being used against unsuspecting businesses.
Ransomware hit new heights in recent years, affecting a majority of businesses that have encountered any kind of cybercrime threat:
85% of MSPs report ransomware as the most common malware threat to SMBs.
In the first half of 2019 alone, 56% of MSPs report attacks against clients. 15% of MSPs report multiple ransomware attacks in a single day.
There are a number of key costs that will come with a ransomware attack, including:
Ransom: This is the most obvious cost, and it just keeps going up. According to cybersecurity company Coveware, what was an average ransom of $6,733 in 2018 increased to $12,672 in 2019. According to Datto, the average ransom requested by hackers is increasing. MSPs report the average requested ransom for SMBs is ~$5,900, up 37% year-over-year.
Downtime: As Kaspersky notes, 34% of businesses hit by ransomware take up to a week to regain access to data. In that week, you’re still incurring costs associated with downtime while you and your staff can’t access your data. That’s time in which you can’t get work done, can’t serve your clients, can’t gain new business, and still have to pay your employee wages and ongoing costs to keep the lights on.
Put simply? Lots of expenses with no revenue.
Downtime costs are up by 200% year-over-year, and the cost of downtime is 23X greater than the average ransom requested in 2019.
Remediation: Lastly, there’s the cost of damage control. Do you have to hire an IT company to help you out? Do you have to hire a forensic cybersecurity crew to determine how you were attacked? Do you have to pay fines for breaching HIPAA or FINRA regulations? These all get added to the bill for getting hit by ransomware.
The highest ransom demanded by cybercriminals was $8.5 million
The highest ransom paid by a target organization was $935,000
How Can You Defend Against Ransomware?
The best way to defend against ransomware is to work with an IT company (like Centerpoint IT) whose team can implement a range of cybersecurity protections that will keep your data protected and your business in operation, no matter what happens:
Access Controls: Access controls should be configured so that shared permissions for directories, files, and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories. Furthermore, only those needing local admin rights are to be provided with that access.
Firewall: Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users or suspicious connections from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
Network Monitoring: Your IT company should be keeping an eye on your systems around the clock, identifying any suspicious activity and addressing it immediately to prevent any negative effects.
Data Backup: If you have a data backup solution, then at least your data is protected. While this won’t do much to address the disruption an attack will cause, you can still avoid data loss, or having to pay the ransom to get your data back. That’s why you should make a considerable investment in a comprehensive backup and data recovery solution so that you can restore your data at a moment’s notice when necessary. Be sure to:
Back up data on a regular basis, both on and offsite.
Inspect your backups manually to verify that they maintain their integrity.
Secure your backups and keep them independent from the networks and computers they are backing up.
Separate your network from the backup storage, so the encryption process is unable to “hop” networks to the backup storage device. This keeps your backup data from being encrypted.
What’s The Best Way To Protect Yourself Against Ransomware?
When you’re not sure if you have the skills or knowledge to get the job done, what can you do? Consult with cybersecurity professionals like those on the Centerpoint IT team.
With a layered IT security approach (including effective systems, tools, and processes) you can have the peace of mind that your business is prepared for cyber-attacks.
The good news is that IT security does not have to be complicated and expensive — but you do need a solid plan. Let’s have a conversation, and figure out if your IT security can stand up to today’s threats.