The Colonial Pipeline hack has gotten a lot of press over the past few weeks, and rightly so. But I find that there are three major points that most small business owners don’t understand:
- Colonial Pipeline was not the specific target for this attack. The hacker group, Darkside, and most others like them are simply casting the widest net possible. They’re scanning every device on the internet for vulnerabilities, and they’re phishing every email they can find. Once they get in, THEN they figure out whom they’ve got and what criminal opportunities they can exploit. In this case, the poor sod who let them in worked for Colonial Pipeline. It could just as easily have been you.
- Colonial Pipeline did not pay the $4.5 Million ransom because they got caught without backups. It was simply a financial decision. I’m certain that such an enterprise’s IT staff maintained backups, from which they could have restored all their computers. The problem is that that would have taken weeks, even working 24/7. Their 2020 revenue was $1.3 Billion, which equates to $3.6 Million per day – just a two-day payback on the ransom, so they paid it on the first day of the lockdown. Even once the ransom was paid, and they were given the decryption keys, it still took them nearly five days to return to operations. What is your revenue per day? On average a small business under a ransomware attack is down for 16 days.
- “Oops,” Darkside says – they didn’t mean to cause so much civil unrest and societal impact. They’re just trying to make money, they say. So, going forward they will no longer attack infrastructure, municipalities, or medical facilities. Isn’t that nice? Now they’re only going to focus on you and me. Super. It’s no longer if – it’s WHEN.
One comforting piece of news is that our new 2021 Security Stack includes countermeasures against all currently known hacking and spying techniques and comes with the cybersecurity professionals to monitor alerts and respond to threats 24/7.
Want to see how your network stacks up? Sign up for a free security assessment with our spokeslady for National Be Kind to Pets Month, Georgia the Cyberdog, at www.sipoasis.com/georgia.
