The promise of increased productivity in the cloud continues to ring true now more than ever. Access to corporate data from anywhere at any time while simultaneously collaborating as a team has kept so many businesses productive and competitive in our remote work environments. The caveat of access from anywhere is that without sufficient cybersecurity and risk management strategies, threat actors can also gain access to your sensitive corporate data. We have seen this disastrous process play out in many corporate cyberattacks, such as the recent Colonial Pipeline shutdown, which could have been avoided by implementing one commonly available cybersecurity protection.
It is becoming a common occurrence to learn about corporate breaches in the news, and they all seem to have a common process that looks much like this:
- hackers use brute-force attacks to steal high-profile credentials,
- the victim is then locked out of their system, and/or
- personally identifiable information (PII) gets exfiltrated, then
- a demand for ransom is made to regain system access.
Once the cyberattack is executed, it is often the case that the victim will pay to end the breach and regain system functionality. Unfortunately, due to the unethical nature of hackers, if any data was stolen, it is often sold anyway on the black market for nefarious purposes, like compromising a high-value target. Many of these criminals even automate cyberattacks by using inexpensive and widely available software tools found on the dark web. In some cases, these despicable software developers even offer technical support to the hackers!
What is unfortunate about a large percentage of documented cyberattacks is that the compromised companies did not enforce Multi-Factor Authentication (MFA) and practiced poor password hygiene. It has been well documented that MFA can block over 99.9% of account compromise attacks. With MFA enforced, the risk of hackers using stolen usernames and passwords to gain network access is significantly reduced.
The common cyberattack process outlined above is exactly what caused the six-day shutdown of the Colonial Pipeline in May 2021. Hackers gained entry to the pipeline's network through an unused but active virtual private network (VPN) account. In this case, the VPN account did not have MFA enabled. If MFA had been in place, this would have been the additional layer of defense needed to prove a user's identity, and stop the hacker in their tracks. Once the hacker obtained the stolen credentials, they simply logged in to the Colonial Pipeline to infiltrate the computer network with malicious software. At this point, the hackers proceeded to demand over $4 million in ransom from pipeline leadership to obtain access to their own computer systems.
What happened to the Colonial Pipeline is unfortunately not a cautionary tale, but a growing reality for large and small companies alike. What can be done is to take necessary precautions to fortify your company defenses with the following tools and techniques before a breach occurs:
As data breaches become more common and tactics more sophisticated, proper cybersecurity and risk management measures must be put in place to keep pace with technology and protect your organizational data living in the cloud.
Find out where your organization stands in its ability to defend critical assets, and where you need to take the next step in risk management. Learn more about a Cybersecurity Risk Assessment. The outcome of an assessment will identify what security controls and practices you have in place or are missing, understand the efficacy of each defense measure, and summarize findings in an executive report to provide you with recommendations to mitigate cybersecurity risks.