Why a Disaster Like the Colonial Pipeline Hack Was Bound to Happen
You have no doubt heard about – and maybe even felt the impact of – the Colonial Pipeline cyber-attack. It cost the pipeline operator millions of dollars in ransom payments and picked the pockets of millions of gasoline consumers up and down the East Coast as well. Unfortunately, many experts predicted something like this would happen sooner or later because the country’s energy infrastructure is extremely vulnerable.
Why Experts Predicted a Cyber-Attack Similar to the Colonial Pipeline Hack
The attack on the Colonial Pipeline is a symptom of what some experts are calling a ransomware pandemic. Simply put, malicious hackers are becoming more sophisticated, and companies are becoming increasingly vulnerable. These two factors have contributed to a track record of system hacking success, which has emboldened the hackers to increase the frequency and severity of their attacks.
Overall, U.S. companies shelled out over $350 million in 2020 to pay for ransomware attacks. Although healthcare and financial infrastructure is commonly targeted, according to the National Regulatory Research Institute, energy infrastructure seems especially at risk due to the rapid digitization across the increasingly networked and interconnected industry.
According to a 2019 Siemens survey, a whopping 56% of utility professionals said they had experienced at least one cyber-attack over the prior 12 months that caused an outage or resulted in leaked information. Additionally, more than 33% of the nearly 800 cyber incidents the U.S. Dept. of Homeland Security investigated from 2013-2015 happened in the energy sector.
Unfortunately, utilities and other energy companies are still coming up the learning curve when it comes to cybersecurity. For example, not requiring multi-factor authentication, lack of comprehensive cybersecurity plans, not maintaining adequate backups, and failing to segment the network to prevent malicious code from spreading out across the entire system, are examples of things that may be overlooked.
The basic premise is that companies need to do a better job with “cyber hygiene” – the simple maintenance tasks necessary to harden their networks, such as those listed above. The reality is that hackers, while getting more advanced every year, are simply exploiting systems where these easy hygiene tasks are not being done.
The bottom line is, don’t become another Colonial Pipeline – make sure your company’s cyber hygiene plan is up to snuff today!