Lessons Learned from the Colonial Pipeline Hack
Did we really learn anything?
Back in May 2021, the Colonial Pipeline was hacked and held for $4.4 million in ransom by a Russia-linked group of cyber criminals known as DarkSide. The hack of the pipeline’s systems exposed critical weaknesses in both corporate cybersecurity measures and in the US cybersecurity posture in general.
Following the attack, CISA ramped up its information and awareness programs to help companies in critical infrastructure industries upgrade their cybersecurity systems and posture.
The three areas with the highest failure rates are the three most critical: SSL/TLS strength, patch management and credential management.
Colonial was infiltrated through an open and unused VPN account, and according to industry experts nearly a third of companies in the energy sector have yet to upgrade their systems to address this vulnerability.
Additionally, the lack of controls around SSL/TLS encryption continues to leave customer information vulnerable to malicious actors.
Do you have any thoughts or additional insights you'd like to share?
What is the industry doing to follow up on this event?
What needs to happen that is not already underway or done to properly address this?
If you have thoughts on any of these questions or other relevant and related ones, please leave a comment in the comment section below. Please note that, to keep our environment clean and free of advertisements of any kind, comments may not include external links, company names cited for promotion, or the like.