The Colonial Pipeline Hack

Exactly three weeks ago (5/8/21), the Colonial Pipeline Company announced that they had learned they had been the victim of a cybersecurity hack on their website. This attack involved ransomware, a computer virus that encrypts data and holds it hostage until the affected party pays the attacker to get its data back. Payments are usually issued in cryptocurrency.

Far from being a rare occurrence, in 2021, ransomware attacks are no longer measured in the number of attacks per day — instead, it is now measured in seconds. It’s estimated that a company is hit by ransomeware every 11 seconds (that’s 7,854 companies per day for those who don’t want to do the math).

In many cases, these events go entirely unnoticed by the general public. The attacker provides a method for payment, and the companies have to decide if they want to pay to get their data unlocked or if they want to try to restore their data from backups (and you should be making backups). These attacks are incredibly expensive for companies, costing on average of well in excess of $700,000 per event.

The Colonial Pipeline Hack

The Downstream Effect

A wake-up call

How does it happen?

According to a survey conducted by Sophos (virus protection we use at Metal Toad), incidents tracked the following vectors:

  • 45% via a file download, email link, or malicious attachment
  • 21% a remote attack on a server via the internet
  • 9% misconfigured cloud instance
  • 9% via Remote Desktop Protocol (RDP)
  • 9% via a supplier who works with our organization
  • 7% a USB/removable device

Protect yourself

  1. Teach staff (and yourself) not to click on email links, downloads, or plugin USB sticks into their computers.
  2. Hire a Cloud vendor that can configure, secure, and monitor your cloud servers.
  3. Secure and monitor any Remote Desktop Protocol (RDP) access you are allowing to your systems.

A data breach at (most) of our companies would not have the same catastrophic impact as it did at Colonial Pipeline, but we should use this incident as a “whale” in the coal mine and work diligently on all of our systems.

--

--

CEO/President of @metaltoad. Passionate about creating job opportunities in the tech industry.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Joaquin Lippincott

CEO/President of @metaltoad. Passionate about creating job opportunities in the tech industry.