• Security

    Can You Afford to be Shut Down?

    June 2021 by Brandon Lackey, Chief Information Security Officer, BVS Performance Solutions

    I'm sure you've heard about the ransomware incident at Colonial Pipeline that was announced on May 8 of this year. The outcome was the shutdown of critical infrastructure, which left millions with little or no access to gasoline up and down the East Coast.

    So, what exactly happened?

    The details are still scarce, but we know that enough of Colonial's network infrastructure was exposed to the malware that it had to be shut down. The hallmark of ransomware is to encrypt accessible files and/or databases such that they become unusable by the systems that rely on them. Modern ransomware can encrypt any drive or resource that the computer is attached to. So, imagine all of those file shares you connect to each time you log in to your institution's network suddenly becoming “unavailable.” For everyone and everything. In this case, Colonial chose to hit the “kill switch.”

    ...and can this happen to you?

    To answer this honestly, you need a basic understanding of how ransomware is delivered, and this is pretty simple. Email. The answer is overwhelmingly email. Verizon did a deep dive on data breaches across most major industries and found that email was used to deliver the malicious payload in 94% of cases. You have heard that type of attack called by many names. Social engineering, phishing, spear phishing, whaling: these are all nuanced labels for the same ploy, an attempt to trick a user into downloading a file (malware), following a link to a malicious website (to download malware), or otherwise providing sensitive information that will allow an attacker access to protected resources (to install malware).

    Well...

    Let's talk about email. You probably have a number of vendors in place to help protect against unwanted/unsolicited mail, and they are likely very effective against most attacks. However, very effective is not completely effective, and as thousands, hundreds of thousands, or millions of messages hit those filters, something will land in front of your staff. How will they interact with that message? How much confidence do you have in all of your email users to make the right decisions? Is there a likelihood that someone, somewhere in your organization may get duped? What happens next?

    The Aftermath.

    If employee security awareness was an afterthought prior to May 8, 2021, then this is your wake-up call to move it to the forefront of your thinking. Several House bills have been introduced around cybersecurity in the past few weeks, and it is inevitable that how you manage your security program will receive deeper inspection from auditors and regulators alike. There is no overkill here with regard to the preparedness of your staff to recognize dubious threats and handle them appropriately. Remember this: teams and technologies that defend against cyberattacks need to be correct 100% of the time. Attackers only need to be right once.

    How SAFE is your institution?
