It seems that anyone with an online voice is writing about the pipeline attack. But, in case you missed it, on May 7, 2021 a major pipeline that carries fuel from Texas to the Southeastern United States was taken offline by a cyber-attack. This type of attack is known as ransomware: it encrypts a company’s data, making it unavailable and unreadable.
What can we learn?
Lesson 1: It is never the scenario we expect.
As a community, we have attempted to create and run training models for attacks like this (attacks against national infrastructure). However, we assumed that the attack would come from a foreign government, and we were wrong. The attack came from a group known as DarkSide, an Eastern European cybercriminal group that primarily targets large organizations for profit. In fact, they even issued a public statement after the pipeline attack saying:
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.” – DarkSide on Twitter
Even a group of cyber criminals has its limits and its own sort of moral code when it comes to extortion. Here is another takeaway: we can still be attacked, even if it’s by accident. In 2020, attackers took down a hospital in Germany using the same type of attack. When they were pressed to provide the decryption keys to get the hospital back online, they provided them for free. This group also claimed ignorance and said they were unaware that they had targeted an emergency medical facility.
Lesson 2: Convenience vs. Security
When it comes to security of any kind, you need to consider the balance between convenience (how easy it is for you or your team to do your job) and security (how difficult it is for someone else to impersonate you or access your system). Here is a good non-digital illustration: think about airports before and after 9/11. Prior to 9/11, one could board a flight relatively quickly and with little scrutiny. However, 9/11 forever changed the way we approach travel, and now travelers must allocate extra time for airport security.
As an owner or managing partner of a firm, you get to decide how many security precautions you are willing to implement, knowing that you may be sacrificing convenience or productivity for a better security posture.
Lesson 3: Know Your Pipeline.
The timing of this attack had a personal impact which I’d like to share because it’s rare for some of these big attacks to impact so many people. I attended a business conference in Orlando, Florida the week after this attack and my wife and I decided to use the trip as a mini vacation. The pipeline attack occurred on May 7th, the day before my wife, our four kids and I set off on a drive to Florida. We spent two days driving down, a week there and two days driving back. However, it was not until we were already down there (almost 1,000 miles later) that the impact of this pipeline outage was reported. While I am glad to say that our return trip was uneventful, we did hit several exits that were completely out of gas and we had to strategically plan our return trip. Running too close to empty could have meant getting stranded somewhere.
So, what is your pipeline? What is the infrastructure that you rely on every day?
In the age of cloud, it is tempting to think that “my data is safe in the cloud.” But remember, cloud services only move infrastructure from you to the cloud provider. Software as a Service (such as Dropbox, Redtail, or Salesforce) can still be compromised.
If you experienced a cyber attack right now and you were unable to pull information for a particular client who wanted to make a time-sensitive withdrawal or trade, what would you do? If your accounting software or reporting system were made unavailable the day before payroll, what is your backup plan?
If you are unsure, uncomfortable, or need a confirmation that your cyber-security posture is in good standing, book a FREE assessment. We will walk you through a 15-20 minute assessment where, at the end, you will receive a CyberSCORE. This free report will be yours to keep and do with as you see fit.