The Colonial Pipeline CEO has defended the action he took in response to the recent ransomware attack on his company, telling a Senate hearing on Tuesday his priority was to restore service as quickly as possible. He also informed the Senate hearing the company paid the $5 million ransom one day after Russian-based cybercriminals hacked its IT network, crippling fuel deliveries up and down the East Coast.
<p><span lang=\"EN-US\">The Colonial Pipeline attack took us to a new place with regards to critical infrastructure security and our energy supply. Historically, the United States’ policy has been we should never pay a ransom. By paying, albeit under very difficult circumstances, we have sent a message to the world that we are open for business. Once you have paid a ransom, you cannot wind it back, even if we’re able to recover part of it after the fact. </span><span lang=\"EN-US\"> </span><u></u><u></u></p> <p><span lang=\"EN-US\"> </span><span lang=\"EN-US\"> </span><u></u><u></u></p> <p><span lang=\"EN-US\">As ransomware attacks on major companies and critical infrastructure becomes the norm, more and more industries are instating regulatory compliance measures (like PCI and SWIFT) and forcing organizations to embrace proactive security measures or face the consequences. As a result, Zero Trust architectures, and specifically Zero Trust Segmentation, have been found to be vital solutions to addressing these compliance needs. The Colonial Pipeline attack is one of the most recent ransomware attacks to underscore what we already know – that organizations must be secure and resilient across their entire networks.</span></p>
<p>Getting hit with ransomware does not mean a company has failed, the threat is inevitable today and it doesn’t matter how strong your defences are, attackers will continue to be creative and adapt new techniques to get into networks. While paying cybercriminals is an outcome no CEO desires, especially when there is no guarantee that the attackers will fully delete data, sometimes when the impact of an attack is so significant, it can seem like the only choice. No company or CEO should be shamed for this. Instead, we should learn from these incidents to understand how attackers got in, what data was actually returned and what could have been done differently to secure a different outcome. Attackers collaborate on their attacks, and the only way to get ahead of them is to collaborate on our defences.</p>