The severe disruption caused by the Colonial Pipeline ransomware attack has alerted organisations to the need to bolster their defences against cyberattacks – and two-thirds are set to take actions required to prevent them becoming another ransomware victim following the incident.
The ransomware attack against Colonial Pipeline – one of the largest pipeline operators in the United States, providing almost half of the East Coast's fuel – caused disruption to operations and led to gas shortages, demonstrating how cyberattacks can have physical consequences.
Colonial paid almost $5 million for the key required to unlocked the encrypted systems.
SEE: Network security policy (TechRepublic Premium)
The significant disruption caused by the attack and the high cost of the ransom payment appears to have been a wake-up call for organisations – a new report by IT association ISACA suggests that just over two-thirds (67%) of IT professionals expect their organisations to take new precautions in light of the Colonial Pipeline attack.
Ransomware has been a major cybersecurity threat for some time and shows no sign of slowing down: 84% of those surveyed by ISACA said they believe ransomware attacks will become more prevalent during the second half of 2021.
"The growth of this attack type is relentless, and its targets are indiscriminate: large or small, public or private, any and all industry sectors," said Chris Cooper, member of ISACA's emerging trends working group.
"From the recent Colonial Pipeline attack to the Metropolitan DC Police Department and numerous small and medium enterprises, there has been a barrage of high-profile ransomware incidents around the globe in the past month alone," he added.
But despite the ransomware threat, 38% of respondents say their company has not conducted any ransomware training for their staff, something that could potentially lead to issues in the event of a ransomware attack – or even lead to a ransomware attack itself.
To help protect against ransomware attacks, ISACA has several recommendations for organisations to take.
They include testing for incoming phishing attacks, in order to prevent malicious emails that could be the first step in a ransomware campaign from arriving in inboxes, preventing the email from becoming a risk to users and the wider company in the first place.
Organisations should also apply security patches on a timely basis in order to prevent cyber criminals from exploiting known vulnerabilities as a means of compromising the network.
MORE ON CYBERSECURITY
- Ransomware: How the NHS learned the lessons of WannaCry to protect hospitals from attack
- Most applications today are deployed with vulnerabilities, and many are never patched
- These software bugs are years old. But businesses still aren't patching them
- Congress confronts US cybersecurity weaknesses in wake of SolarWinds hacking campaign
- The FBI removed hacker backdoors from vulnerable Microsoft Exchange servers. Not everyone likes the idea