Reading recent cybersecurity news feels like an exercise in determining which breach is now the most significant. Following the latest news on ransomware attacks in 2021, along with the government’s new focus on stifling them, it seems that we have entered an era of cyberinsecurity, with companies unable to protect against ransomware attacks.
This seems to be marked by a few key traits: hackers becoming more ambitious with their targets, trends that are transforming work and how businesses operate, and companies not using best practices to protect their network.
With cybersecurity risk continuing to increase, we’ll take a deeper look at the climate IT and OT operations find themselves in so you can better protect against a ransomware attack.
Ransomware Attacks in 2021
Since May alone, we have seen a handful of significant ransomware attacks. On May 7th, a ransomware attack shut down Colonial Pipeline, which supplies nearly half of the oil to America’s east coast. Not long after, a ransomware attack shut down hospitals in Ireland, and again, not long after that, JBS’ meat plants were shut down due to a ransomware attack.
These recent attacks are a sign of increased ambition in the hackers carrying them out. They are turning their sights to countries’ critical infrastructure.
Healthcare attacks significantly increased as COVID began to bring the world to its knees. Attacks on critical infrastructure are climbing. The financial industry is a growing target. Part of the reason is that, despite the government’s advice not to pay a ransom, those affected by an attack are increasingly likely to pay.
Because these operations are so critical to the continued functioning of the country, it’s imperative that they are brought back up as soon as possible. Forced to choose between just two options, rebuilding the network or paying, many are willing to pay to get back the keys to their digital premises.
But even those who pay are faced with damaging consequences from the attack. Much of the data still ends up corrupted, resulting in months of rebuilding and the man-hours required to recover from the fallout. In Colonial’s testimony before the Senate, more than a month on from the attack, they were still in the process of turning systems back on and recovering data.
What’s worse, much of our country’s IT and OT networks are unprepared for these types of attacks. Residing behind unsophisticated networks, they are now on the back foot as their networks are targeted.
Most of these attacks were successful due to poor cyber security hygiene: remote access breaches, unpatched systems, poor password management and a lack of insight into what is happening on the network until it’s too late.
We are at such a critical moment in cybersecurity that even President Biden made it a key talking point in his recent summit with Russia’s Putin. The government is addressing it specifically and making it a priority to implement Zero Trust security to better protect the nation’s infrastructure.
Biden’s executive order (EO) from May on improving the nation’s cybersecurity outlined the need for an updated definition of critical software. This was to avoid more breaches like SolarWinds, where supply chains were compromised due to a software vulnerability that was exploited. This week, NIST released its definition of critical software as a step toward securing supply chains.
Ransomware Trends in 2022
Ransomware is a household name now. The media regularly covers it in news cycles, governments are deciding how to act against countries housing these digital gangs and companies are reassessing their cyber security. It seems like we are reaching a tipping point.
The winds are blowing toward more accountability of hacked companies to the government. Many hacks go unreported or are sat on for months before disclosure. Soon you might have to report a breach within 24 hours or face fines.
As insurance providers deal with the rising costs of covering companies hit by these attacks, they are moving toward pushing the bill back onto companies. Higher premiums with more limited coverage may be on the horizon as well.
Cybersecurity regulations could become stricter and the Cybersecurity and Infrastructure Security Agency (CISA) may itself be strengthened by legislation. The government is moving to expand support to those affected by an attack and wants to increase public and private sector collaboration and knowledge on these matters. The government will start removing software next year that doesn’t meet its defined security requirements set in motion by Biden’s EO. This could spread into the private sector as well.
Companies may require more proof of secure operations from vendors they work with to ensure the relationship does not compromise their supply chain.
These changes will bring refreshed pressures to companies looking to bolster defenses and reduce their potential to be the victim of a ransomware attack. If, or when, these changes come to fruition, what’s most important is that you are preparing yourself now.
How to Protect Against Ransomware
To protect against ransomware, start with the basics. There is a trend in many of these attacks: the victims didn’t have cybersecurity best practices in place and were using outdated methods to protect themselves. This will not work against today’s threat actors, who exploit easy opportunities for financial gain.
Colonial Pipeline revealed the attack happened after a compromised password allowed access to a VPN which didn’t have multifactor authentication. This was a more than $4 million mistake.
Other attacks have happened by way of compromised supply chains, like the ransomware attack on government computers across Texas that prompted Governor Abbott to make a disaster declaration.
Many other attacks have happened through updates not being applied to network devices, opening vulnerabilities that allowed a bad actor into the network.
ConsoleWorks is a cybersecurity platform that prevents these kinds of attacks with:
- Least-privileged, role-based access to limit what a user can do and even what parts of the network they are aware of, further limiting capabilities with command-by-command grants for absolute control. If a user tries to do something they aren’t allowed to, ConsoleWorks will terminate the connection.
- Password management and multifactor authentication. Users won’t even know the passwords to your endpoints as they only log in to ConsoleWorks. Their access to these endpoints is then monitored and controlled through ConsoleWorks.
- Configuration monitoring that automatically checks endpoint configurations to ensure your devices are not being accessed and changed against your will.
- Automated patch analyses to reduce security gaps and ensure you are not vulnerable to known security exploits.
- Logging and situational awareness so you know exactly what is happening on your network and how it is happening.
Because these attacks also occurred through vendors and contractors, it’s important that you choose wisely who you work with. You are only as strong as the weakest link in your chain. As supply chains increase in complexity, this will be an important factor in your security moving forward.
Make sure your partners can attest to their own security practices. We are among the first to complete the SOC for Supply Chain examination as part of our commitment to being a strong link in your supply chain.
Going from Cyberinsecurity to Cybersecure
Implementing these practices in your business protects your devices and assets. Many of the attacks on networks happened due to things that could have been avoided with better cybersecurity hygiene. If you are ready to increase your security and protect your IT and OT assets from ransomware attacks, we can help.
Schedule a demo or talk to us today to start protecting your network now.