Sloppy Security Protocols Made Colonial Pipeline Hackers $2.1M Richer


Update: We now know that the FBI recovered just over half of the ransom Colonial Pipeline paid to suspected Russian hackers, but not adhering to standard security practices is still at the heart of these hacks.

by Don Nokes, President

Imagine running into the store and leaving your car unlocked. When you return, it is locked, and your key does not work. But look … there is a note on your windshield, and it says, “If you want the keys to your car back, buy $1,000 in bitcoin and send it to me.”

So far, hackers have not targeted our cars, and this analogy merely illustrates the experience that more and more businesses are having with computer systems. Initially, the hackers would simply encrypt your data so it could not be read without the encryption key. Then, they would retain that key until you paid up.

Now, in a new twist, they take a copy of your data. So if you’ve taken steps to recover your data without needing to deal with the hackers, they now threaten to expose your data. They also use that same threat to push you to pay the ransom quickly.

In the Colonial Pipeline case specifically, there was a closed system controlled by locally based technicians. Once COVID hit, the Colonial Pipeline employees worked from their homes, exposing the internal network to the internet. Without multi-factor authentication or other security tools in place, the Colonial Pipeline infrastructure became vulnerable.

Sloppy Protocols Cost More Than Professional Prevention

If you or your organization have not been a victim of this crime, you have either made the executive decision to invest in preventative security measures like penetration testing or, without security protocols, you have just been lucky.

While it may seem that the only thing to do is throw your hands up and wait for your turn to become a victim, there are some very important things you can do without breaking the bank.

Our cybersecurity team follows the best practices for small business security as outlined by the National Institute of Standards and Technology. We then customize your security based on your business operations and infrastructure. We’re militant about regularly updating all your security offerings so there’s no getting sloppy. No one can absolutely guarantee that your systems will not get hacked but, as we saw with the Colonial Pipeline disaster, sloppy security protocols can wind up costing significantly more than professional prevention.

Reach Out For Our IT Playbook to Self-Assess

At NetCenergy, we approach IT through a business lens. Our 30-page IT Playbook is full of information to help you self-assess your existing IT systems and evaluate your level of risk. Send me an email and I’ll forward a copy to you. And, if you are not following strict security protocols — including regular user training of anyone with credentials to access your network — reach out to our team at NetCenergy to review your situation.