The recent ransomware attack on the Colonial Pipeline company has been heavily covered in the news in recent days due to the massive impact it will on the fuel supply chain. For years, cybersecurity experts have been warning those in the petroleum industry of the likelihood and seismic impact of a ransomware attack. Rick Bos, Security Technical Lead at W. Capra added, “If it is possible for an automated ransomware botnet campaign to breach critical services, it is safe to assume attackers without strong financial motivation will have the same success.”
What do I need to do?
If you have seen the news about the Colonial Pipeline attack and have wondered if your organization could be impacted the same way, a Security Assessment is an excellent place to start. By bringing in W. Capra to assess your security posturing, you’ll have a third-party view of standards, best practices and the ever-evolving threat landscape that may need to be addressed in your organization.
Bos added, “When the details of this particular ransomware attack emerge in the coming days, we will give a more specific view as to some of the safeguards that can be put in place. The most likely attack vectors in this case are either misconfigured edge/cloud services or spear phishing based on my experience with previous ransomware campaign incidents. Security awareness and test phishing campaigns are critical to mitigate this scenario, but the best approach is zero trust architecture[1].”
Is ransomware just the latest security attack vector?
Ransomware has been on the rise in recent years and is now being described in some outlets as an epidemic. As seen with the Colonial Pipeline incident, the stakes are escalating as well. Bos suggested, “When considering security protection and prevention measures, if the goal is to not become the next headline, the time to start working on your approach is today. This isn’t something that should be planned and budgeted for 2022.”
Rick Bos is dedicated to assisting W. Capra clients with all things security.
For further discussion, contact Rick Bos at [email protected].
[1] https://www.nist.gov/publications/zero-trust-architecture
