Pipeline Ransomware Incident Highlights Gaps in Minimum Security Requirements

The Colonial Pipeline ransomware attack has been in the news for the past week, bringing the conversation surrounding the security of our critical infrastructure front and center. While the cybercriminals behind the attack may not have intended to have such a devastating impact, the damage is done, leading to massive gasoline shortages impacting the American east coast.

Malicious attacks are big business for cybercriminals, and attacks like this one show it’s not a matter of if but when. And with many organizations still playing catchup to the massive shift in the modern workforce over the last year, the number of enterprises barely meeting even minimum security requirements continues to rise. Convenience has been prioritized over security, and the rise of mobile devices and other endpoints left unprotected while connected to corporate data should be alarming. Even though top incident response organizations are still analyzing the Colonial Pipeline incident, there are some lessons we can all take from it right now to shore up security architectures against this and other forms of aggressive attacks.

Ransomware is not a new threat to the computers of the world; the first known example of this vector of exploitation was the PC Cyborg Trojan in 1989. For over 30 years the method has been updated, improved, and made even more dangerous to computers everywhere. Even as variants such as WannaCry, Ryuk, CryptoLocker, and others continue to make the news, the collective gasp of surprise when another significant attack happens is deafening. Targeting hospitals, banks, small and large enterprises, consumers, and everything in between, it is an easy, impactful form of attack that continues to highlight the weaknesses in security architectures. Delivery can be as simple as a dropped USB drive, a malicious email, or a mobile device accessing the corporate network.

When it comes to cyberattacks, perpetrators will be persistent when looking for the path of least resistance to get into the targeted victim network. And once in, it is only a matter of time until they are navigating through the enterprise network with little to no resistance. While organizations of all sizes invest in advanced security architectures, many of them fail to address glaring gaps in the attack surface, ultimately leaving their data, systems, and operations at risk.

As the last year has pushed most employees out of offices and away from the existing security architectures that keep endpoints safe, we have also seen a rise in reliance on BYOD policies to support the new, distributed workforce. From personal laptops to mobile endpoints, these devices connect to enterprise networks with more frequency and more data access than ever before. But 60% of these connecting endpoints are mobile devices that are often left unmanaged, unsecured, and open to attack as IT and security leaders weigh convenience against security investments.

Enterprises that are deploying management tools to these endpoints aren’t even addressing the security risks to these endpoints. And email, text, and third-party messaging apps have made it even easier for attackers to spread dangerous links and files. All it takes is one user clicking one malicious link or file to expose the entire enterprise to an attacker.

Security is often approached with a check-the-box mentality as organizations continue to grow and scale, and for a good reason. Different enterprises have different compliance needs based on their industries, and those governing agencies provide minimum security frameworks to meet said compliance. But minimum requirements are just that: minimum. These compliance guides rarely address the needs of infrastructure scale, BYOD, mobile device access, and other newer technologies that are becoming critical to success, leaving enterprises following the bare minimum compliance requirements at increased risk.

It is no secret that security is an often overlooked component of business operations, but it is time for that to change. As organizations continue to grow and adapt to the modern needs of the distributed workforce, they must also advance their security solutions to protect their data and assets no matter where they are located. It is time to secure all the endpoints, not just the traditional ones. Without a comprehensive approach to security that covers every endpoint, from operational technology to mobile phones, enterprises will remain exposed through every employee who accesses their data.

About Zimperium

Zimperium, the global leader in mobile security, offers the only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats. Powered by z9, Zimperium provides protection against device, network, phishing, and malicious app attacks. For more information, visit www.zimperium.com.