Thales Blog

One Year Later: What Have We Learned Since the Colonial Pipeline Attack

May 9, 2022

Todd Moore | VP Encryption Products, Thales

It is hard to believe that it has already been one year since the Colonial Pipeline ransomware attack that forced the U.S. energy company to shut down its entire fuel distribution pipeline — and therefore threatened gasoline and jet fuel distribution across the U.S. east coast. Contrary to reports, the company paid nearly $5 million as a ransom to get access to all their systems. Service was then resumed in mid-May, and a group called Darkside was involved in the attack, according to the FBI.

One in five businesses are willing to pay the ransom

This attack was one of the biggest ransomware attacks to date. Attacks on Critical National Infrastructure will continue to rise in 2022 as ransomware gangs show no signs of abating. Planning and preparation are essential. However, even after the Colonial Pipeline attack, less than half of businesses (48%) have a formal ransomware plan, according to the 2022 Thales Data Threat Report. In addition, the report found that one in five businesses have paid or would pay a ransom to get their data back. This demonstrates that there are still some businesses that have not learned the lessons of the Colonial Pipeline attack or listened to what security experts and the U.S. government are recommending to ensure the operations of Critical National Infrastructure are not affected by ransomware attacks.

Governments step up to protect all businesses

While implementation of security technologies such as multi-factor authentication and encryption has slightly increased, we have not yet reached the level where the majority of applications, data and operational technology are fully protected. Therefore, immediate action is needed to deploy more robust cybersecurity strategies.

The White House Executive Order on Improving the Nation’s Cybersecurity from May 12, 2021 and the supporting Office of Management and Budget Federal Strategy to Move the U.S. Government Towards a Zero Trust Architecture direct U.S. federal agencies and organizations to modernize and adapt their approach to address the changes in the threat models that they face. For example, both directives make it mandatory for all agencies to deploy multi-factor authentication and encryption. Similar provisions are included in the EU guidelines released earlier this year by ENISA.

Cyber insurance coverage ramps up

There is also huge debate around cyber insurance and whether it is fit for purpose. The fact is premiums are increasing and coverage is decreasing, especially if companies fail to establish basic hygiene controls. Cyber insurance is designed to help protect organizations against the fallout from cyber-attacks, including covering the financial costs of paying out ransomware demands and dealing with incidents.

Because of the continuously moving threat landscape, cyber insurance coverage is becoming an important element of a cybersecurity strategy in helping businesses survive the aftermath of a breach. However, cyber insurance can’t protect your business against the reputational and brand loss that results from a cyberattack. Having a strong business continuity plan in place to protect your most important data is the best way to safeguard your organization.

How to ensure business resilience

To guard against such attacks in the future, and to avoid another Colonial Pipeline scenario, security should be prioritized, and organizations need to get back to basics to prevent IT attacks from spreading to Operational Technology (OT). Some key things that organizations should do include:

1. Back up your systems and regularly test the effectiveness of your backups. Restoring your files from a backup is the fastest way to regain access to your critical business data.

2. Never give out any personal information when answering emails or via unsolicited phone calls, text messages or instant messages. Criminals can use them to launch phishing attacks.

3. Ensure all your systems and software are up to date with relevant patches – regular patching of vulnerable software is key to helping prevent ransomware attacks.

4. Use multi-factor authentication for everyone (employees, vendors, etc.) everywhere.

5. Encrypt sensitive data at rest, in motion and in use.

When it comes to sensitive data, it is critical for businesses, government agencies and other organizations to be able to discover where that data is located, protect the data, and control who has access to it. Thales has a strong portfolio of solutions that can help you reduce the risks of ransomware attacks.