The trade in cyberattacks is now so advanced that Darkside, the Russia-based group responsible for the Colonial Pipeline attack that shutdown a 5,500-metre-long pipeline in the US, sells its own ransomware software. And even has a tech support service in place should you need additional help in using it.
Some cyber-experts have even suggested that this latest attack is essentially a marketing campaign to show just how effective its software is at extorting cash from victims. Colonial were reported to have paid $5 million to take back control of its systems.
Not a scattershot approach
It has become clear that these attacks are becoming more widespread. In 2020, the UAE recorded a 183 per cent increase in cases where the cyber criminals breach a system and make it impossible for a service to be delivered – known as a Distributed Denial of Service (DDoS) attack.
As the Colonial attack has proven, it is no longer small and often defenceless companies that are targets for cyber criminals. Instead of targeting several companies for smaller ransoms, hackers can identify one larger company that has weaker protection or has perhaps neglected its responsibilities towards cyber security.
Those millions only help to a point
Nevertheless, even organisations that have spent vast sums on cyber security are not immune from attack. We believe there is no ‘one-size-fits-all’ solution to cyber-crime. As it is constantly evolving, ransomware is capable of evading even the most advanced of defences, meaning industry standard security can become obsolete and inadequate very quickly.
It is important to have security systems implemented throughout the entirety of a utility network, as hackers often target cloud-based or managed data centres that are remote enough from the grid to be more easily breached. Internal and external communication channels must also be secure. If there are many levels of security, where components of the whole system are divided into separate branches, it will prove much more difficult to break.
A major concern regionally is that now our systems are so digitally advanced and reliant on each other, that if one system becomes compromised others will follow. Rail systems, power plants, water treatment plants all use the same technologies, so it is critical that all, not just one of these systems, are fully protected.
Cybercriminals have taken advantage of the pandemic by attacking at a time when many organisations are at their weakest. Tightened budgetary controls and home working has diverted attention away from IT and info-security concerns, leaving vulnerabilities throughout networks.
Despite it being inconvenient to users, multi-authentication practices should be introduced in certain circumstances where sensitive information could be breached. One-time passwords and verification codes are examples. Regular security audits are recommended to help identify areas of susceptibility, too.
Outside of a tightened regulatory environment, there are practices that companies can adopt to limit their exposure. Resilient and hard to breach sensors combined with highly secure communication and analytics systems are a strong pillar to the entire security system. Regardless, if resources are not devoted to the problem in sufficient measures, problems will remain.
If the pandemic has taught us one valuable lesson, there were warning signs that were ignored, which resulted in catastrophic repercussions. Have we now done enough to be truly confident that our IT systems are safe and secure? Maybe, but what is protected today may not be tomorrow…
Francois Frigaux, Special to Gulf News
The writer is Director at Sensus, a Xylem brand.