It’s not every day that you see a cybersecurity incident showing up as breaking news across all the major cable networks. Then again, the recent Colonial Pipeline attack wasn’t your average incident.
The sheer size of the attack and the resulting multi-million-dollar ransom payment might have been newsworthy on their own. But the ripple effect is what really stood out. The combination of the heightened media attention and the prospect of potential fuel shortages sent the public into a gasoline buying frenzy reminiscent of the panic purchasing behavior at the start of the COVID-19 pandemic.
Yes, it all made for great theater. But the core elements of the Colonial Pipeline attack weren’t much different from what we witness on a daily basis in the cybersecurity industry. Although the scale and the notoriety were extreme, the fundamental issues were the same.
The pandemic has led to more vulnerability
Ransomware has become so prevalent that no industry is immune, including public sector organizations such as school districts and police forces. When cybercriminals are actively targeting the police, it’s pretty clear just how widespread the problem is.
So, why is ransomware so prevalent, other than the fact that it’s obviously making a lot of cybercriminals rich? For starters, it’s not just individual actors committing crimes. We’re now seeing well-organized syndicates and state actors getting into the mix. In some ways, ransomware has become an actual cottage industry of sorts.
Secondly, the nature of the workplace has changed so much in the pandemic era that it’s left businesses extremely vulnerable:
Many businesses were so focused on staying operational that they were willing to sacrifice security to do so. They had to cut corners and take shortcuts when using new technologies just to stay in business.
So many more people are working remotely—moving sensitive data and workloads out of the office and onto the edge of the network. There are also a lot more personal devices being used for work—not to mention the proliferation of IoT devices for all types of businesses.
The IT professionals who previously worked within the confines of a controlled data center or office are also working remotely. They aren’t able to monitor and physically interact with their company’s people, data, and systems as closely as they used to.
Even as offices start to re-open, thousands of systems and devices have been sitting idle for the past year. Who knows whether they’re even being monitored, let alone getting patched with security updates?
With all the market disruption and uncertainty over the past year, the rapid pace of technology adaptation ended up saving the day. But now the bills are coming due. For every shortcut you might have taken, there’s now a security vulnerability you must worry about. For every new process you implemented, there’s a possibility you also increased your risk exposure to a ransomware attack.
Ransomware is predictable: it will impact you in some way
Perhaps the only good thing I can say about ransomware is that it’s somewhat predictable—not in the sense that we know exactly who’s going to get hit and when or where that will happen. It’s predictable in that it’s more a question of when rather than if you’ll be attacked. And, believe it or not, that actually gives you an advantage.
If you know a disaster is imminent, you can prepare for it. If you’re in the direct path of a hurricane, you can board up your windows and head off to somewhere safe. Even if you don’t know when an earthquake might strike, you can still take precautions to solidify your home’s foundation and store emergency supplies. Likewise, even if you can’t prevent a ransomware disaster, you can prepare for one.
Fight back with extended detection and response (XDR)
Relying solely on edge security products to keep attackers outside your systems has become an antiquated notion. You can’t expect anti-malware and antivirus tools to stop advanced attacks that are already generations more sophisticated than those tools. When cybercriminals are using AI to attack you, anti-malware tools don’t stand a chance.
So, what do you need? First of all, you need the capability to detect threats and take action against them before they ever impact your business. That requires a combination of the right security tools and the expertise to utilize those tools. If you don’t have the budget or internal resources to handle cybersecurity internally, look for a vendor that can provide a cost-effective alternative.
Outsourcing your cybersecurity burden can free you up to focus more on your core business while giving you more expertise than you could ever bring in-house. When you utilize services such as extended detection and response (XDR), you gain access to round-the-clock monitoring from a team of cybersecurity experts. You also get all the advantages of the latest cybersecurity tools and technologies without having to purchase and maintain them yourself.
Unless you have access to the same tools as cybercriminals, it’s not a fair fight, and you’re not going to win many battles. Don’t be surprised to see even more ransomware attacks in the news. Just make sure you take the necessary precautions so your business isn’t the one making the headlines.