Colonial Pipeline, The Ransomware Task Force, and Your Business

Illustration of the Colonial Pipeline Cyberattack

 

If there’s anything we’ve learned from the Colonial Pipeline, SolarWinds, and Microsoft Exchange cyberattacks, it’s that any business can be a victim of cybercrime. National infrastructure, hospital systems, municipal governments, and big companies or organizations with deep pockets are popular. After all, cybercrime is big business. Ransomware hackers net about $1 billion annually while cybercrime-as-a-service (yes, even cybercrime can be a service) can bring in as much as $1.6 billion annually.

After paying 75 bitcoin in ransom—about USD 5 million—Colonial Pipeline was able to restart operations on May 12, 2021, after a 4-day hiatus. But what if your company doesn’t have 5 million dollars or cyber insurance? Or even a large IT team that can keep your network secure against the latest cyber threats? According to Katie Nickels, director of intelligence at the security firm Red Canary, “For some organizations, their businesses could be completely destroyed if they don’t pay the ransom.” 

Protecting Your Business in Post-COVID World of Work 

The COVID-19 pandemic radically changed commuting and working habits, possibly forever. According to McKinsey, 25% of workers in advanced economies could work from home 3-5 days a week, four to five times the level before the pandemic. The challenge of identifying a friend or foe has never been greater. Employees are no longer merely onsite or off-site and switching locations during the workweek, moving from a laptop at headquarters or a branch office to a home office, or even a mobile phone at a cafe. 

As we’ve seen with the Colonial Pipeline and thousands of other businesses, the challenges and dangers of ransomware have never been greater. 

The Ransomware Task Force (RTF), comprised of more than 60 experts from industry, government, and law enforcement, has produced a report with 48 public policy recommendations to address ransomware including:

  • Coordinated, international diplomatic and law enforcement efforts
  • An intelligence-driven anti-ransomware campaign by the US Government
  • Per-country Cyber Response and Recovery Funds and legal requirements to report ransom payments
  • International efforts to help organizations prepare and respond to ransomware attacks
  • Enforcing existing banking laws with crypto kiosks and exchanges such as Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT)

But businesses cannot wait for the international framework. They must begin to act today.

SASE: A Unified Vision for Securing Your Network

In 2018, Gartner coined the term “Secure Access Service Edge,” or SASE, to convey a new vision for the unified delivery of cyber and network security services. In our post-COVID or nearly post-COVID world, SASE is an ideal solution for businesses of all sizes. 

As employees in the new world of work become more mobile and working locations more fluid and flexible throughout the workweek, the old model of on-premises and off-premises network access is no longer relevant. In this new model, employees securely access the cloud-based network directly from the edge. They do not tunnel into the corporate network, only to exit and access cloud-based resources. Instead, they use the nearest public Wi-Fi or PoP connection to access a worldwide mesh of secure physical and cloud resources. 

Network access from the edge is enabled by identity-driven permissions rather than location-driven. Access to data and other resources is then strictly controlled based on relevant attributes, including application access, user and group identity, and the data’s sensitivity.

As a cloud-based solution, SASE is an agile, holistic platform that can be easily adapted and scaled by businesses no matter where they are located. It offers unified cloud management, zero-trust networking as a service, and firewall as a service to protect site-centric and cloud resources. Most importantly, SASE is also self-updating and ensures endpoint compliance, which will avoid the risks of working with outdated, insecure software.