In early May, Colonial Pipeline, the largest pipeline system for refined oil products in the U.S., was the victim of a ransomware attack. The attack halted systems for its 550 miles of pipeline, causing fuel shortages in some areas of the East Coast and a rise in the national price of gasoline.
DarkSide, the Russian ransomware criminal group, was responsible for the attack, which crimped the supply of gasoline, diesel, and jet fuel. It was also reported that Colonial Pipeline paid almost $5M in ransom to this criminal group. We have seen attacks like this before, such as the WannaCry attack in 2017, which hit 150 countries, but this attack was one of the largest of its kind in the US, and we are again at a point where we need to rethink what measures must be taken to prevent attacks against critical infrastructure.
Ransomware and targeted attacks are nothing new, of course. According to IDC’s Key Findings: 2020 U.S. Managed Security Services (MSS)/Managed Detection and Response (MDR) Survey Results, data breaches, targeted attacks, and malware are top concerns for respondents surveyed. Close to 25% of organizations have stated a per-data-breach cost of $10k–$20k, with more than a third experiencing more than 16 breaches within the past 1–2 years. We know that these types of attacks can have massive impacts on business operations and reputation, and can produce hefty fines.
According to McAfee’s latest security report, ransomware is one of the fastest-growing areas of cybercrime. During the COVID-19 pandemic, ransomware attacks in general have increased 148% from the baseline levels reported in February 2020. The report also added that one of the most concerning trends in ransomware is the shift towards targets in the manufacturing industry. Local governments, airports, schools, and health care facilities, all of which depend on critical services, have been victims of ransomware.
In response to this latest attack, as well as other highly publicized attacks involving users of network and security software from SolarWinds and Microsoft Exchange e-mail servers, U.S. President Joe Biden issued an executive order aimed at strengthening U.S. cybersecurity defenses. The executive order takes various steps to assist in modernizing the nation’s cybersecurity, which include:
- Requires IT service providers to tell the government about cybersecurity breaches that could impact U.S. networks, and removes certain contractual barriers that might stop providers from flagging breaches.
- Creates a standardized playbook and set of definitions for federal responses to cyber incidents.
- Pushes the federal government toward upgrading to secure cloud services and other cyber infrastructure, and mandates deployment of multifactor authentication and encryption within a specific time period.
- Improves security of software sold to the government, including by making developers share certain security data publicly. Developers are to be more transparent by making security data related to their software openly available to the public.
- Establishes a “Cybersecurity Safety Review Board” comprising public- and private-sector officials, which can convene after cyber attacks to analyze the situation and make recommendations.
- Improves info-sharing within the federal government by enacting a government-wide endpoint detection and response (EDR) system. EDR systems have to be better at detecting bad behavior on federal networks.
What Does this Mean for Service Providers?
Now with this new cyberattack, IDC believes that service providers such as Managed Security Service Providers (MSSPs) will continue to play an important role in assisting and educating customers in advancing their security posture. As a result of these new key initiatives, service providers are well positioned to assist organizations in tightening up their security practices:
- Sharing of threat information. By creating a standard for the sharing of threat intelligence, service providers are able to collect more in-depth information around security events, detection, response, and investigation, therefore creating consistency across the board. Service providers can leverage this information in assisting clients in creating and developing incident response plans and incident notification procedures.
- Implementing new modernized technologies. Organizations are moving to the cloud faster than ever before. Service providers need to be prepared to help clients invest in new technologies, which include a Zero Trust architecture, and adopt security best practices. Service providers can take the opportunity to guide clients in their security journey and act as a trusted advisor to help them reach their optimum security goals.
- Enhancement to security software. MSSPs and other security providers are big targets for cybercriminal groups that seek to infiltrate security providers to gain access to their clients. In addition to tightening their own DevSecOps methodologies, providers also need to keep track of the embedded software that they utilize to make sure that they are not conduits to enriching cybercriminals.
- Improvements in EDR systems. With the need for better detection and response mechanisms, companies are encouraged to move forward with implementing EDR solutions. From a service provider perspective, clients will need more help in the form of managed detection and response (MDR) offerings. With the increased deployment of MDR and EDR, organizations are expected to look to service providers for further guidance as they also start to work on improving their incident response and remediation tactics.
What About the Future?
President Biden’s executive order should be considered a down payment towards the increased cyber regulations that have already been coming out of capital cities globally for quite some time now. With the increased risks to critical infrastructure, shoring up cybersecurity capabilities will increasingly become a public-private partnership that will cause friction at times. Service providers need to be prepared to flex to the avalanche of regulations that are sure to come.