On May 7, 2021, Colonial Pipeline, Co. was forced to close operations after a ransomware hack was confirmed to have breached their systems. This attack hindered services to the East-coast of the United States and sparked fears of a massive gas shortage to American motorists. This hack greatly compromised Colonial Pipeline's system integrity and put private data at risk. This fear is one which average Americans saw immediately at the pump as prices soared and many gas stations were even forced to close due to depleted supply. Colonial Pipeline CEO Joseph Blount authorized payment of the more than four-million-dollar ransom to regain control of the computer system. Ransomware is becoming an ever more prominent concern across the technology sector and this hack is just one of the latest examples of that fact.
According to William Turton and Kartikay Mehrotra of Bloomberg News, the VPN account that Colonial Pipeline uses didn't use multifactor authentication, an increasing important cybersecurity mechanism, allowing the hackers to breach (their) network using just a compromised username and password. Since the hack occurred, the account password were found on the dark web as a part of leaked passwords, but it is not clear if the password was leaked before or after the Colonial Pipeline act.
On May 12, 2021, President Joe Biden issued an Executive Order which was designed to increase cyber-security protections for public and private sector entities. This increase in standards and regulation is now putting industry leaders and bad actors alike on notice regarding the increase in federal standards regarding cyber security infrastructures. The order states in part:
"The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American peoples security and privacy. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace. In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced."
Will your organization be ready when a similar attack is launched against it? Do you have proper protections, tools and mechanisms in place? If you are not sure, Wilson Consulting Group is able to help. As an innovative, global cybersecurity and information technology consulting firm, Wilson Consulting Group recognizes that security is a top priority for businesses and government agencies. We offer staff training on the appropriate use of information assets and recommend effective solutions that help protect a company digital assets from exploitation by Advance Persistent Threats (APT) Groups. The following services we provide can identify vulnerabilities, detect potential threats, and successfully protect your information and information assets:
Many cyberattacks succeed due to mistakes by employees and a lack of awareness of basic aspects of cybersecurity. According to the 2022 Verizon Data Breach Investigations Report, 82% of data breaches in 2021 involved the human element.
5G is a wireless technology with higher speeds and increased bandwidth, which means that you can download/stream videos online at a faster rate without worrying much about the number of users on the network. 5G networks also help reduce the time needed for data to travel across the network. This process is called latency, which is a major factor in automated processes, such as self-driving cars and factory robots. Due to the massive connectivity of devices collectively known as the Internet of Things (IoT) across 5G networks, viable and in-depth security measures should be in place to prevent cybercriminals from hijacking the connected devices or launching Distributed Denial of Service (DDoS) attacks.
When hackers breach a database, they take advantage of weak or stolen passwords 81% of the time. This is what led Troy Hunt to publish a new version Pwned Passwords where people can verify if the password they typed in has been leaked in a previous data breach. The intention is there: businesses are not supposed to let their customers (or employees) use compromised passwords, especially those written in plain text. This begs the question: are passwords enough to secure companies when an actual breach happens?
Stay In The Know With Our Newsletter
