This past spring, hackers were able to halt the operations of Colonial Pipeline, the largest fuel pipeline in the United States, with a single compromised password. It was one of many leaked passwords in a batch sold on the dark web and had previously been used by an employee to access Colonial Pipeline's virtual private network. Although the account was no longer active, the password still worked. The breach led to Colonial Pipeline shutting down its entire gas pipeline system, resulting in a mass gas shortage and panic buying among consumers. Gas prices spiked dramatically along the East Coast at this time. To get its system back online, Colonial Pipeline Co. paid a ransom of nearly $5 million in bitcoin.
This is just one example of the numerous ransomware attacks on businesses that are happening everyday. An Emsisoft study released earlier this year estimated that there were over 3,000 ransomware attacks on Canadian organizations in 2020 with ransom demands ranging from US $123,697,351 to $494,789,403. These numbers do not include the losses arising from business downtime and additional costs of restoring data and systems.
Cyber attacks are increasing at an alarming rate and the methods used are growing in sophistication. However, many Canadian businesses are still not investing in leveling up their cybersecurity and cyber insurance.
Here are three simple measures that businesses can take to help prevent attacks like the one that shut down Colonial Pipeline:
EMPLOYEES SHOULD NOT REUSE PASSWORDS.
The complexity of the password will not make a difference if it is being used on multiple websites that can be compromised. As with the Colonial Pipeline incident, hackers can buy stolen passwords online in batches and use them to gain access to company networks and systems. Instruct your staff to avoid using the same passwords on multiple websites.
DELETE ACCOUNTS FOLLOWING EMPLOYEE DEPARTURES.
When an employee leaves, delete all of their accounts, including older ones from systems no longer in use. In the case of Colonial Pipeline, although the compromised account was no longer in use, the username and password still allowed access to the company's network.
ENABLE MULTI-FACTOR AUTHENTICATION.
Two-factor authentication is a commonly used security feature, which involves each employee using a username and password, as well as a secondary measure such as entering a code that is texted to their mobile device. While MFA can still be breached, it serves as another layer of protection against hackers attempting to exploit unprotected passwords.
Contact a CapriCMW Risk Advisor to discuss your options for cyber insurance and other risk management tools and strategies to protect your business.
This content is powered by the Canadian Broker Network.
CapriCMW is a proud member of the Canadian Broker Network (CBN), an alliance of Canada’s leading independent insurance brokerages representing over 50 offices, 1,500 professionals and over $1 billion in premiums. Learn more at canadianbrokernetwork.com.