Lessons from the Colonial Pipeline Ransomware

Thankfully, it appears that the Colonial Pipeline ransomware attack is behind us and the panic over gas lines and hoarding can subside. But after an episode like this, it is helpful to take stock and search for what we can learn.

To start, everyone has now heard of ransomware, but to give fuller background: this kind of malicious software is delivered into an information system, such as a computer or a database, and then renders all of the information inaccessible. Backups can sometimes help restore functionality, unless the ransomware's operator or program waited long enough before activating the malicious software that it is also in the backups. Once the information is rendered inaccessible, the person or group behind the malicious software demands payment in exchange for returning the information. Recently, there has even been reporting that the person or group behind a ransomware attack will begin calling the clients and consumers whose information was exposed as a pressure tactic to get the business to pay up.

Events like the shutdown of Colonial Pipeline, which generate a torrent of media attention, can create a false impression that only large or geopolitically sensitive businesses are at risk of these kinds of attacks. This is simply not true. In his 2020 Data Breach Report, North Carolina Attorney General Josh Stein found that there were over 1600 security breaches reported to the North Carolina Department of Justice. Compromising email constituted 40% of all security breaches reported, and ransomware constituted 22% of all security breaches reported. So there is a wide array of businesses in North Carolina that are susceptible to these issues, and small businesses are getting caught up in the mess.

For example, last year, the News and Observer reported that the Food Bank of Central & Eastern North Carolina was the victim of a widespread data breach, and just this past April, WCNC reported that a Charlotte parking app had a serious data breach exposing users’ personal information.

However, while no business can ever eliminate all possibility of data breaches, there are steps that any business can take to prepare itself, and relative to the cost of a breach, these steps have a significant return on investment. For example, making sure a business avoids compliance failures can sidestep significant cost increases in the event of a breach. Identifying an incident response team, creating an incident response plan, and testing both can give certainty and ensure that a business responds as rapidly to an incident as possible. And aligning a business's internal practices with an established cybersecurity framework can decrease the risk that the business experiences and give strong arguments against any regulatory investigations that suggest the business was negligent.

That being said, cybersecurity and compliance expertise are critical to making sure that these plans do what they are meant to do.

© 2021 Ward and Smith, P.A. All Rights Reserved.



Published by

National Law Forum
