Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom, according to the BBC.
Earlier this month, Hugh wrote about it in this article: The Colonial Pipeline Ransomware Attack: Preventing the Next Cybercrime Disruption of Critical Infrastructure.
Dear community, please share your professional opinion with your peers on what lessons we can learn from this ransomware attack.
What can be done better in the future? Is it about backup and recovery tools? About EDR?
Should the incident response be managed in a different way?
Thanks
At minimum, do the basics. Patch or mitigate vulnerabilities by isolating the access and impact. Invest in security (tools, people and processes), always have backups & recovery tools (VEEAM) and a regular, validated process that actually works to restore: daily/diffs/weekly/monthly etc. Oh, and try not to let any 8th-grade hackers into your systems, which is the hole Colonial left wide open for all of DarkSide to do this easy hack.
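To make the "validated process that works to restore" and the daily/weekly/monthly schedule from the post above concrete, here is an added example (not code from any participant in this thread, and not a Veeam feature): it takes a backup, restores it into a clean directory, hashes every restored file against a manifest written at backup time, and shows how a backup captured after files were tampered with fails that check. It also selects which dated backups to retain under a grandfather-father-son policy. The file names, sample contents and the 7/4/3 retention counts are assumptions chosen for illustration.

```python
"""Added example: restore validation plus daily/weekly/monthly retention.
Not part of the original thread; file names and counts are illustrative."""
import hashlib
import tarfile
import tempfile
from datetime import date, timedelta
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, archive: Path) -> dict:
    """Tar the source tree and return a manifest {relative path: sha256}.
    Keep the manifest separate from (and ideally offline of) the archive, so a
    corrupted or encrypted archive cannot also rewrite its own proof."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                rel = p.relative_to(src).as_posix()
                manifest[rel] = sha256_file(p)
                tar.add(p, arcname=rel)
    return manifest


def validate_restore(archive: Path, manifest: dict, restore_dir: Path) -> list:
    """Actually restore into an empty directory and hash every file.
    Returns a list of problems; an empty list means the backup is usable."""
    restore_dir.mkdir(parents=True, exist_ok=True)
    # The 'data' filter (Python 3.12+, backported to 3.8.17/3.9.17/3.10.12/3.11.4)
    # rejects absolute paths, '..' members and links escaping the target directory.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(restore_dir, **kwargs)
    problems = []
    for rel, expected in manifest.items():
        restored = restore_dir / rel
        if not restored.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(restored) != expected:
            problems.append(f"hash mismatch: {rel}")
    restored_files = {p.relative_to(restore_dir).as_posix()
                      for p in restore_dir.rglob("*") if p.is_file()}
    problems.extend(f"unexpected: {rel}" for rel in sorted(restored_files - set(manifest)))
    return problems


def gfs_keep(backup_dates, daily=7, weekly=4, monthly=3) -> list:
    """Grandfather-father-son retention: keep the newest `daily` backups, the
    newest backup of each of the last `weekly` ISO weeks, and the newest backup
    of each of the last `monthly` months. Everything else may be pruned."""
    dates = sorted(set(backup_dates), reverse=True)  # newest first
    keep = set(dates[:daily])
    for bucket, count in ((lambda d: d.isocalendar()[:2], weekly),
                          (lambda d: (d.year, d.month), monthly)):
        newest_in_bucket = {}
        for d in dates:
            newest_in_bucket.setdefault(bucket(d), d)  # first seen is the newest
        keep.update(sorted(newest_in_bucket.values(), reverse=True)[:count])
    return sorted(keep)


def run_demo() -> tuple:
    """Back up a constructed sample tree, validate it, then validate a backup
    taken after one file was overwritten (the ransomware case)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "src"
        src.mkdir()
        (src / "scada.cfg").write_text("poll_interval=5\n")   # constructed sample data
        (src / "billing.db").write_bytes(b"\x00" * 1024)       # constructed sample data
        manifest = make_backup(src, tmp / "daily.tar.gz")
        clean = validate_restore(tmp / "daily.tar.gz", manifest, tmp / "restore1")
        # Simulate a backup captured after the file was encrypted in place.
        (src / "billing.db").write_bytes(b"ENCRYPTED" * 100)
        make_backup(src, tmp / "tampered.tar.gz")
        tampered = validate_restore(tmp / "tampered.tar.gz", manifest, tmp / "restore2")
    return clean, tampered


if __name__ == "__main__":
    print(run_demo())
    sixty_days = [date(2021, 5, 19) - timedelta(days=i) for i in range(60)]
    print(gfs_keep(sixty_days))
```

The point of restoring into a fresh directory rather than just checksumming the archive is that it exercises the same path an operator would use under pressure; a backup that has never been restored is a hope, not a control.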
@ITSecuri7cfd thank you for your answer!
Would you say that EDR tools are as important as the backup & recovery tools? Can you please elaborate a bit on what sort of tools should be essential for such a facility?
Thanks