The Damaging Nature of Cyberattacks and Ransomware
Cybersecurity is vital to critical industries that handle vast amounts of data such as energy, transportation, telecommunications, financial services, energy production and transmission, and chemical and manufacturing industries.
Yesterday the US government issued emergency legislation after the largest fuel pipeline in the US was hit by a ransomware cyber-attack. The Colonial Pipeline carries 2.5 million barrels a day, transporting about 45% of all fuel consumed on the East Coast.
This new relaxes rules on fuel being transported by road and means drivers in 18 states can work extra or more flexible hours when transporting gasoline, diesel, jet fuel, and other refined petroleum products.
“Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.”
“The Colonial Pipeline operations team is developing a system restart plan. While our mainlines (Lines 1, 2, 3 and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational. We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”
John Vestberg, co-founder and CEO of Clavister commented on the situation: “The DarkSide ransomware attack on the Colonial Pipeline highlights the increasing risk cyber criminals pose to critical national infrastructure (CNI). CNI, such as oil and gas, is a prime target for these ransomware gangs – systems are underpinned by a myriad of complex information and operational technology devices and so the consequences if these are infiltrated can be devastating. Attacks on CNI risk become the norm if action is not taken.”
Implications of cyber attacks
Successful cyber attacks can cause major damage to businesses and the impact of a security breach can be divided into three categories: financial, reputational, and legal.
The economic cost of cyber attacks
Cyber attacks often result in a substantial financial loss from things such as:
- Theft of corporate information
- Theft of financial information (e.g bank details or payment card details)
- Disruption to trading
Businesses that suffer a cyber breach will also normally have to cover costs associated with repairing affected systems, networks, and devices.
Trust is an essential element of the customer relationship. Cyber attacks can damage your business's reputation and the trust your customers have for you, which could potentially lead to:
- Loss of customers
- Loss of sales
- Reduction in profits
The effect of reputational damage can even impact your suppliers, or affect relationships you may have with investors and other third parties.
Legal consequences of a cyber breach
Data protection and privacy laws require you to manage the security of all personal data you hold, whether that be your staff or your customers. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and regulatory sanctions.
How to mitigate cybersecurity risk
Protecting your company against cyber attacks is extremely important and the National Cyber Security Centre outlines some efficient ways to reduce your organisations exposure to common types of cyber attacks on systems exposed to the internet.
- Boundary firewalls and internet gateways — establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
- Malware protection — establish and maintain malware defences to detect and respond to known attack code
- Patch management — patch known vulnerabilities with the latest version of the software, to prevent attacks that exploit software bugs
- Whitelisting and execution control — prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
- Secure configuration — restrict the functionality of every device, operating system and application to the minimum needed for business to function
- Password policy — ensure that an appropriate password policy is in place and followed
- User access control — include limiting normal users’ execution permissions and enforcing the principle of least privilege
Cybersecurity's importance is on the rise and with technology developing constantly there is no sign that this trend will slow. A key step in the right direction to protecting information is ensuring your company has the right protection and procedures in place in case of an attack.
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”