RALEIGH – The cyberassault over the July 4 weekend is getting the latest media attention right now but the actual number of ransomware assaults is soaring against companies in general.
Utility companies are bein hit on average 260 times a week, according to data from Check Point Research.
And the situation isn’t getting better, according to International Association of Information Technology Asset Managers which focuses on ways to manage technology.
“This country is way behind where it needs to be in ensuring that every single device and piece of software associated with these infrastructure projects is accounted for, secure, and up to date,’ said Barbara Rembiesa, CEO of the IT association. “Old infrastructure is already under attack today because of a lack of rigorous IT Asset Management.”
Rembiesa stressed that companies and individuals must be more viligant when it comes to security.
“All the people behind these ransomware attacks need is someone running a laptop in an unauthorized fashion on a non-secure network, such as a home Wi-Fi system,” Rembiesa said. “They don’t need much more than a central computer system that is running software that has not been properly patched or otherwise updated. And they are delighted to find an employee who is tapping into key systems remotely on a personal cellphone or other device that has not been authorized for such access.”
Highlights from the Check Point report includes a focus on one type of ransomware known as Ryuk that is believed to have been used in the Colonial Pipeline assault:
- In 9 months the monthly number of ransomware attacks in the U.S. tripled
- Ryuk, with more than 2,000 victims in 2021, is by far one of the most successful ransomware of recent years.
- The US is one of the favorite markets of Ryuk, where 15% of its efforts are invested in targeting American companies and organizations.
- Since January , Ryuk has targeted about 45 Utilities and Critical Infrastructure companies, 5 of those in the US
- In recent weeks an average of 1 in every 88 Utilities organization in the US suffered from an attempted Ransomware attack, up by 34% compared to the average from the beginning of 2021.
If companies don’t step up and address security, the cyber problem will only worsen, Rembiesa warned.
“Until the operators of public water systems, energy pipelines, nuclear power plants, bridges, tunnels, airports, and other key infrastructure elements get serious about thorough and tough-minded IT Asset Management, we are going to see more and more ransomware attacks like the one on the Colonial Pipeline,” she said.
Robert Cattanach of international law firm Dorsey & Whitney who focuses on cybersecurity and data breaches, says there are immediate lessons companies should learn from the Colonial Pipeline attack.
“The full extent of the damage to Colonial Pipeline, and its business partners, will not be known for weeks if not months. The breadth and duration of the impact of the ransomware provides important lessons to us all,” Cattanach said.
- “Make sure you have an incident response plan, and practice it. This needs to include stakeholders within the company with decision-making authority. Yes, the C-Suite is a busy place, with little spare time for practice drills. The return on this investment, however, is incalculable. Colonial lost mountains of data to the attacker well before its systems were shut down. A nimble response at the first sign of intrusion could have changed everything,”
- “Segregate your IT systems, and tighten the screws on detection monitoring. You will never be able to completely prevent the threat actors from gaining access somewhere. The key is to make it as difficult as possible for them to move horizontally once they are in. That means self-imposed inefficiencies, which are counterintuitive to your IT experts. Silo your systems, and increase the detection threshold for anomalous activity. That will make it tougher for your company’s systems to operate as smoothly as you’d like, but the roadblocks this creates for attackers will pay critical dividends,”
- “Communicate constantly with industry groups and regulators. Cyber criminals are creatures of habit. They look for a common vulnerability, and exploit it until it’s eliminated. Where else had these hackers been before Colonial Pipeline, and what could have been learned about this threat if more information had been shared?”