Colonial Pipeline and D.C. Police Paying the Price for Neglecting These Simple Tips
Quickly reacting to a data breach can save a company time and money, but preparing for one can save even more. With all the cybersecurity events making headlines recently, specifically the cyberattacks on the Metropolitan Police Department and Colonial Pipeline, we examine how enhanced digital security measures minimize the likelihood of damage created by data breaches.
Colonial Minimizing Data Breaches
Following the highly publicized disruptive ransomware attacks on the Metropolitan Police Department of the District of Columbia (D.C. Police) and private company Colonial Pipeline, companies and institutions across the nation are taking a hard look at the efficacy of their cybersecurity measures. After all, no one wants to be caught unprepared, scrambling to mitigate the effects of a cyberattack after the fact.
Implementing swift reactionary measures following a cyberattack is the best way for victim organizations to respond to breaches, but companies and institutions need to have established plans and protocols before a breach occurs.
D.C. Police and Colonial Pipeline didn't. Let's take a look at what's happening to them.
Washington D.C. Police Department: Breached
On May 10th, 2021, a ransomware gang known as Babuk released a statement on their website publicly claiming a successful cyberattack in what experts say is the worst known ransomware attack to ever hit a U.S. police department.
The Washington D.C. police department suffered a massive leak of internal information after falling victim to a Russian-speaking ransomware syndicate's efforts to breach the police department database.
Talks were underway between D.C. Police and the cybercriminal organization, but once the D.C. police countered Babuk's ransom demand for $4 million with an offer of only $100,000, negotiations began to break down.
The week after refusing to accept the low-ball offer, Babuk released scores of compromised D.C. police data, publicizing sensitive information concerning hundreds of officer disciplinary records dating back to 2004, including reports of drug use and sexual abuse.
Now former officers who have had sensitive personal data leaked by the group have lawsuits against the Washington D.C. police department for failing to secure their confidential information.
Did you know? The most effective method for addressing cybersecurity breaches is to prevent them before they happen.
The Washington D.C. police department has been very secretive concerning the details of the ransomware attack. While it isn't entirely clear how hackers gained access to the D.C. police database network, Babuk claimed to have stolen more than 250 gigabytes of confidential and personal data.
Screenshots posted by the group indicated that at least four computers were breached, exposing intelligence reports, information on gang conflicts, jail census, and other administrative files. The FBI is continuing to investigate the attack.
Colonial Pipeline: Breached
Like the D.C. police department, Colonial Pipeline was also the victim of a ransomware attack. On May 7th, the company released a statement declaring that they were halting operations due to the breach.
The Colonial Pipeline breach received more public attention than the D.C. police department breach due in part to the rippling effects of the Colonial Pipeline shutdown leading to unnecessary panic buying that created gasoline shortages on the East Coast.
The breach of one of the largest fuel pipeline operators in the U.S. was carried out by a group called DarkSide, thought to be a 'lock-up crew' that purchases access to systems already breached by crews specializing in securing entry to sensitive networks.
As a private company, Colonial Pipeline has been under less pressure to reveal details about the attack than government and public institutions; however, as a custodian of critical national infrastructure, calls for increased scrutiny into the breach have been mounting.
Colonial Pipeline resumed operations shortly after the attack became public, reportedly paying a ransom of 75 Bitcoins, roughly $5 million, to regain control of their systems. The FBI discourages paying ransoms and is continuing to investigate the attack.
How to Protect Your Business
While it is impossible to prevent all cyberattacks completely, companies can minimize risk by developing a Vulnerability Management Program and a Risk Management Program that identify vulnerabilities and risks, establish clear security standards, and reduce the opportunities available for cybercriminals to exploit.
Maintaining secure communications is a necessary part of this process, as many data breaches directly result from compromised emails, text messaging, and instant messenger programs. Many of the groups that specialize in gaining access to sensitive systems focus on password access portals, unsecured communications, and vulnerable devices.
Keep Business Software Up to Date
One of the most effective steps in maintaining secure systems is ensuring your business software is up to date with the latest updates. Whether you have on-premises solutions or you are in the cloud, cybercriminals are continually developing innovative methods for breaching systems, requiring regular updates to security applications.
Ensure all connected software remains patched with the latest updates and consider allowing automatic security updates—these updates "patch" holes in the security when new threats are found and minimize access points. When your business solutions are out of date, you leave your data entirely vulnerable to new threats and provide more ways to get in.
Establish Routine Staff Cybersecurity Training
Another critical step in maintaining cybersecurity is routinely training staff on security issues. Team member training is often overlooked by business leaders but is one of the most effective methods for enhancing security. Management should educate team members on identifying security threats, how to respond to them, and what they can do daily to help minimize risks.
As part of routine training, businesses should educate staff on phishing emails, personal device security, password protection, social media use, and other avenues of access that cybercriminals seek to exploit.
Progressive companies that choose to hold mock breaches allow team members to practice breach response plans, making them more effective in the case of an actual attack. Mock breaches can also help identify inefficiencies in response protocols, allowing for the development of more effective responses.
External Cybersecurity Protection Makes "Cents"
Consider the expense of hiring, training, and maintaining an in-house cybersecurity team. Responding to the growing need for cybersecurity services, Managed Security Service Providers (MSSPs) handle an organization's cybersecurity operations as a third-party provider. Cybersecurity outsourcing through an MSSP delivers needed security services with unexpected benefits, including round-the-clock monitoring and management to identify threats and proactively address problems before they become a disruption.
Security firms operate on both sides of the spectrum, with some companies specializing in preventative measures and others focusing on incident response. A quality Incident Response Plan (IRP) will include both contingencies, as the response to a security breach is just as important as preventing breaches from occurring.
Securing external support beyond an MSP cybersecurity firm might include legal counsel and insurance agencies, given the sheer damage a breach can do.
Maintaining legal counsel well versed in data compliance is also highly advisable, as legal complications arising from data leaks can pose further risks long after the breach has occurred (as seen in the example with the Washington D.C. police department). Maintaining cybersecurity insurance coverage is also a critical part of securing businesses overall, with many insurance agencies offering coaching services to help companies navigate complex recovery processes.
Planning Ahead is the Best Safeguard Against Cybercriminals
Businesses of all sizes need an effective, affordable, reliable cybersecurity plan, and the stakes have never been higher. As cybercriminals are constantly innovating, companies too should continually evaluate the effectiveness of their security.
Following the highly public attacks on Colonial Pipeline and the Washington D.C. police department, expect stakeholders in every industry to scrutinize cybersecurity measures more closely. By developing strategic plans that identify vulnerabilities, educate staff, consolidate access, and secure external support, companies can significantly enhance the effectiveness of their cybersecurity measures.
A Cybersecurity Risk Evaluation is critical in protecting your data and helps you understand, manage, control, and mitigate cyber risk across your entire network. Let us help you plan your protection. Learn more about how cybercriminals think. Then contact us for a brief discussion regarding cyber insurance, cybersecurity funding opportunities, and tax credits, or schedule a Cybersecurity Risk Evaluation.