The Damaging Nature of Cyberattacks and Ransomware

Cybersecurity is vital to critical industries that handle vast amounts of data such as energy, transportation, telecommunications, financial services, energy production and transmission, and chemical and manufacturing industries. 

Yesterday the US government issued emergency legislation after the largest fuel pipeline in the US was hit by a ransomware cyber-attack. The Colonial Pipeline carries 2.5 million barrels a day, transporting about 45% of all fuel consumed on the East Coast.

This new emergency status relaxes rules on fuel being transported by road and means drivers in 18 states can work extra or more flexible hours when transporting gasoline, diesel, jet fuel, and other refined petroleum products.

Colonial said in a statement that it is working with law enforcement, cyber-security experts, and the Department of Energy to restore service.

“Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.” 

“The Colonial Pipeline operations team is developing a system restart plan. While our mainlines (Lines 1, 2, 3 and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational. We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”

John Vestberg, co-founder and CEO of Clavister commented on the situation: “The DarkSide ransomware attack on the Colonial Pipeline highlights the increasing risk cyber criminals pose to critical national infrastructure (CNI). CNI, such as oil and gas, is a prime target for these ransomware gangs – systems are underpinned by a myriad of complex information and operational technology devices and so the consequences if these are infiltrated can be devastating. Attacks on CNI risk become the norm if action is not taken.” 

Implications of cyber attacks

Successful cyber attacks can cause major damage to businesses and the impact of a security breach can be divided into three categories: financial, reputational, and legal.

The economic cost of cyber attacks

Cyber attacks often result in a substantial financial loss from things such as:

• Theft of corporate information
• Theft of financial information (e.g bank details or payment card details)
• Disruption to trading 

Businesses that suffer a cyber breach will also normally have to cover costs associated with repairing affected systems, networks, and devices.

Reputational damage

Trust is an essential element of the customer relationship. Cyber attacks can damage your business's reputation and the trust your customers have for you, which could potentially lead to:

• Loss of customers
• Loss of sales
• Reduction in profits

The effect of reputational damage can even impact your suppliers, or affect relationships you may have with investors and other third parties.

Legal consequences of a cyber breach

Data protection and privacy laws require you to manage the security of all personal data you hold, whether that be your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions.

How to mitigate cybersecurity risk

Protecting your company against cyber attacks is extremely important and the National Cyber Security Centre outlines some efficient ways to reduce your organisations exposure to common types of cyber attacks on systems exposed to the internet. 

• Boundary firewalls and internet gateways — establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
• Malware protection — establish and maintain malware defences to detect and respond to known attack code 
• Patch management — patch known vulnerabilities with the latest version of the software, to prevent attacks that exploit software bugs
• Whitelisting and execution control — prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
• Secure configuration — restrict the functionality of every device, operating system and application to the minimum needed for business to function
• Password policy — ensure that an appropriate password policy is in place and followed
• User access control — include limiting normal users’ execution permissions and enforcing the principle of least privilege

Cybersecurity's importance is on the rise and with technology developing constantly there is no sign that this trend will slow. A key step in the right direction to protecting information is ensuring your company has the right protection and procedures in place in case of an attack.