Lessons to Learn from the Colonial Pipeline Hack
When large companies are the victim of cyberattacks, smaller companies should take note that they could be even more vulnerable.
When the Russian-based ransomware group, DarkSide, successfully launched its cyberattack on Colonial Pipeline, news headlines were quick to point out the major disruption to oil distribution to the eastern U.S. and the wide-ranging economic impact it will have for weeks to come. Cybersecurity Practice Leader, Bryan Bennett, says easy money is the number one motive behind these types of attacks. And while large corporations get all the attention, smaller companies may be even more vulnerable to bad actors. As the line between operational technology (OT) and information technology (IT) continues to blur, Bennett says hackers are finding more opportunities to access sensitive systems and data.
Building automation, machine learning, robotics, physical security controls, and audio visual systems – these, among others, are OT and tools that open cybersecurity risks beyond traditional IT and cloud systems. Many of these OT systems are embedded within office buildings, warehouses, hospitals, data centers, hotels, and retail spaces.
We are living in a new age of computing where the Internet of Things (IoT) is expanding exponentially. IoT refers to the smartphones, smart watches, smart mirrors, and more that contain small computers increasingly connect us to everything. When extended to smart buildings, Bennett says the explosion of IoT devices creates even more opportunities for cybercriminals. The best insurance against becoming a victim is to have your company do an annual cybersecurity audit of both OT and IT systems to reveal and correct potential vulnerabilities.
Bryan Bennett has been evangelizing for better IT security strategies for over a quarter-century. His mission to protect organizations from the financial, reputational, and individual costs associated with cybercrimes fits well with ESD’s mission to improve society through the built environment.
For more information on cybersecurity best practices, contact Bryan.