October 2021

Columns

Cybersecurity: How HPI companies can protect against ransomware and other cyber threats


Parsons, M., Corso, R., Sungard Availability Services

Ransomware has become an epidemic, and critical infrastructure is in the crosshairs. The Colonial Pipeline ransomware attack should be a wakeup call for every company in the hydrocarbon processing industry (HPI). 

From 2019 to 2020, the number of ransomware attacks in North America increased by 158%.

Critical infrastructure organizations, especially those relying on Internet of Things (IoT) devices, are prime targets for hackers looking to cause the kind of massive disruption that incentivizes companies to quickly pay ransoms. 

Ransomware, data breaches and nation-state attacks, among others, all pose a risk that industrial companies cannot afford to ignore. No matter where your cybersecurity practices stand presently, there are several actions companies can take to avoid becoming the next victim.

Implement zero trust

Start with a zero-trust policy. Assume every IoT device and everything else touching your network is unsecure. A zero-trust policy restricts the access these devices have to the rest of the network, granting access only based on business functionality. 

Missing this step is one of the biggest mistakes companies make. Organizations often race to deploy new technologies and take shortcuts to speed up the process, assuming they will circle back later to lock down security. However, this rarely happens.  

A zero-trust policy ensures that any unsecure devices or software cannot become a hacker’s foothold into the rest of your network. 

Segment and air gap your backups

Segment your network and implement controls to prevent ransomware from spreading across your enterprise and to limit the impact should you be hit with an attack.

Air gap your backups so they remain safe, even if ransomware starts spreading on your network. This ensures you have a way to restore systems without paying the ransom.

Make sure you have the cybersecurity basics in place

Change the default login credentials on all devices. Use strong passwords. Keep up with firmware updates and software patches. Stay up to date on emerging threats and educate employees on them. Look up each device on your network to see if there are any known vulnerabilities and track any new ones that are discovered.

Lastly, make sure you encrypt all data, both at rest and in flight. 

Add more advanced detection and protection

Implement intrusion prevention systems that actively block malicious traffic, and web application firewalls to add additional detection and protection at the application layer. 

Log every event in your network, systems and storage, and use artificial intelligence and machine learning to examine the log data for suspicious activity and traffic patterns. These tools can alert you to any unusual activity that may indicate a security breach.

Prepare for the worst

Perform a business impact analysis to understand the implications a ransomware attack would have on your organization, including what it would cost, what functionality you would lose, how it would affect customers, etc. Then, refine and test your business continuity plan and incident response plan accordingly. 

Make sure you have a disaster recovery (DR) plan that air gaps backups so you can restore all your data in an isolated bubble, perform forensic investigations and bring your environment back up in your DR environment. 

Educate employees

Ongoing employee education on security practices can help avoid common cybersecurity mishaps and elevate the importance of security across your organization. 

Train employees in various security protocols and have them sign off on information security policies annually. Ensure developers are building applications with cybersecurity in mind from the start, and validate their security before they go into production.

The elevated importance of security

Ransomware attacks on industrial and critical infrastructure have only just begun. As ransomware continues to be lucrative and effective for hackers, the attacks will only continue to increase in number, severity and complexity. 

Now is the time to review your security practices and take steps to ensure you do not become the next victim.

