The Colonial Pipeline ransomware attack is novel because of its size. Ransomware attacks are typically directed at companies that can’t afford top-notch IT security. Small firms and medium-size companies scaling up quickly are generally seen as easier targets. Although after Colonial Pipeline, this might be changing. However, it is still the case that small to medium-size businesses may not have a staff of security professionals, only a few IT professionals. In the absence of clear information security procedures, you will find that your networks have holes you didn’t anticipate.
Ransomware works by holding your data hostage; this malware encrypts all your data. Once encrypted, the only way to get to it is to pay the bad guys for the decryption key in Bitcoin. As of writing, 1 Bitcoin = $45,100; Colonial Pipeline had to pay 75 Bitcoin (New York Times). Also, remember that your payment doesn’t mean that they won’t keep a copy of your data anyway.
The thing to remember is that they need to find a way inside your systems. Hackers need to gain access to place ransomware. Your priority is to make sure the bad guys don’t make it into your systems in the first place. Understanding how hackers enter your system in the first place is crucial. Access is the first thing they have to get to complete their attack. There are many ways this can happen, one way is through insider threats.
Insider Threats
According to a Report on Insider threats from the Ponemon Institute, incidents related to insider threats increased by 47% between 2018 and 2020. Insider threat incidents include negligence, malicious insiders, and credential theft. Careless contractors or employees are responsible for 62% of these incidents. Bad guys inside an organization are responsible for 23% of these incidents. Stolen credentials are responsible for the other 14% of these incidents. The total average cost of these incidents examined is $11,450,000; this report doesn’t include the $5,000,000 ransom Colonial Pipeline paid to Hackers (New York Times).
IT rooms fill up quickly with loose hard drives and old computers. A well-meaning IT technician may throw out or sell an old disk without properly sanitizing it. A contractor might see a golden opportunity to sell loose drives on eBay, or even worse, on the dark web. Improperly disposed of data on these drives can give hackers a doorway into your systems to deploy ransomware.
A clearly defined data destruction policy will close this doorway, removing an attack vector for ransomware:
- Develop a data handling policy with the help of Information Security experts.
- Give your IT department clearly defined timelines for data destruction.
- Establish and track chain of custody for storage media with tools like the Phiston Secure Scanner (PHI-S).
- Create specific destruction policies appropriate for each type of storage media.
- Use Solid State Drive (SSD) specific destruction tools such as the Phiston MediaDice Solid State Drive Disintegrator (MDS).
- Keep a compact Phiston MediaVise Compact Hard Disk Drive (HDD) Destroyer (MVC-HDD) in your IT office.
- Ensure that data never leaves the server room with a Phiston MediaVise Rackmount Hard Disk Drive (HDD) Destroyer (MVR-HDD).
Don’t be the next Colonial Pipeline. Don’t leave the door open to ransomware. Trustworthy Information Security professionals can help you secure your castle. When your IT security team comes to discuss data disposal, contact Phiston for your data destruction needs.
