Urgency of Cyber Security After Colonial Pipeline Hack

What happened to Colonial Pipeline?

On May 7, 2021, Colonial Pipeline, Co. was forced to close operations after a ransomware hack was confirmed to have breached their systems. This attack hindered services to the East-coast of the United States and sparked fears of a massive gas shortage to American motorists. This hack greatly compromised Colonial Pipeline's system integrity and put private data at risk.  This fear is one which average Americans saw immediately at the pump as prices soared and many gas stations were even forced to close due to depleted supply. Colonial Pipeline CEO Joseph Blount authorized payment of the more than four-million-dollar ransom to regain control of the computer system. Ransomware is becoming an ever more prominent concern across the technology sector and this hack is just one of the latest examples of that fact.

According to William Turton and Kartikay Mehrotra of Bloomberg News, the VPN account that Colonial Pipeline uses didn't use multifactor authentication, an increasing important cybersecurity mechanism, allowing the hackers to breach (their) network using just a compromised username and password. Since the hack occurred, the account password were found on the dark web as a part of leaked passwords, but it is not clear if the password was leaked before or after the Colonial Pipeline act.

On May 12, 2021, President Joe Biden issued an Executive Order which was designed to increase cyber-security protections for public and private sector entities. This increase in standards and regulation is now putting industry leaders and bad actors alike on notice regarding the increase in federal standards regarding cyber security infrastructures. The order states in part:

"The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American peoples security and privacy. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.  In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced."

The Urgency of Cybersecurity

Will your organization be ready when a similar attack  is launched against it? Do you have proper protections, tools and mechanisms in place? If you are not sure, Wilson Consulting Group is able to help. As an innovative, global cybersecurity and information technology consulting firm, Wilson Consulting Group recognizes that security is a top priority for businesses and government agencies. We offer staff training on the appropriate use of information assets and recommend effective solutions that help protect a company digital assets from exploitation by Advance Persistent Threats (APT)  Groups. The following services we provide can identify vulnerabilities, detect potential threats, and successfully protect your information and information assets:

• Cyber Security Assessment: A cybersecurity assessment analyzes an organizations cybersecurity controls and their ability to remediate vulnerabilities, which allows the organization to gain a high-level analysis of the network?s weaknesses so security teams can begin implementing security controls correspondingly.

• Vulnerability Assessment: Regular assessments of the resiliency of networks and devices that protect, process, store and transmit information are critical.  It is also important to identify security issues that might compromise the organization information, systems, or devices to determine the weaknesses of your information systems.

• Penetration Testing: Penetration Testing is areal-life testing of an organizations applications, systems, and devices to identify vulnerable Internet Protocol (IP) access points and determine where resilience to internal and external attacks and breaches are weak.