A major backdoor cyberattack rocked U.S. energy provider Colonial Pipeline, whose pipeline carries an average of 100 million gallons of gasoline and other resources between Texas and New York every day. The pipeline, which runs through several states in the South and up the mid-Atlantic corridor, was shut down as company officials scrambled to mitigate the damage and began to seek out causes and solutions for the major breach in security.
What happened
While investigations continue, early reports are that a hacker group known as DarkSide used ransomware to attack Colonial Pipeline’s information infrastructure, thus knocking it briefly offline.
DarkSide operates under a model known as “Ransomware as a Service,” meaning that they provide and sell hacking tools that other third parties use to attack vulnerable systems and companies.
In response to the cyberattack, Colonial Pipeline not only shut down its IT systems but also contracted a third-party cybersecurity firm to address the situation internally. It is a move that more and more companies, regardless of their size or industry, are finding necessary.
What can be done
In a statement quoted in a CNN article about the attack, US Cybersecurity and Infrastructure Security Agency (CISA) executive assistant director of cybersecurity Eric Goldstein said: “This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
But what actions are necessary to strengthen cybersecurity posture in this time of daily cyberattacks, hacks, and breaches? How can organizations prevent cyberattacks and hacks?
What you should do
To be clear, the Colonial Pipeline attack was not the same thing as a third-party data breach. Just the same, the national attention it has garnered should be a wake-up call for any organization using and sharing sensitive data.
In terms of third-party security solutions, cybersecurity and third-party risk management companies like ThirdPartyTrust suggest being up to date with NERC CIP and CIP 13 certification and regulation. The NERC (North American Electric Reliability Corporation) CIP (Critical Infrastructure Protection) standards are requirements designed to secure assets related to the electric system and energy needs of North America.
ThirdPartyTrust is a leading third-party and vendor risk management company providing solutions for organizations, enterprises and third-party vendors to ensure that the sharing of information and operation of secure systems is seamless and protected.
Want to know how your company can feel more secure with its data and third-party vendors while avoiding data breaches in the future? Start with understanding how your information and systems are shared with third-party vendors. We can help. Let’s get started.