Colonial Pipeline CEO Grilled by Senate but Experts Think Different

The Colonial Pipeline CEO has defended the action he took in response to the recent ransomware attack on his company, telling a Senate hearing on Tuesday his priority was to restore service as quickly as possible. He also informed the Senate hearing the company paid the $5 million ransom one day after Russian-based cybercriminals hacked its IT network, crippling fuel deliveries up and down the East Coast.

Expert Comments

June 10, 2021
Andrew Rubin
CEO
Illumio


The Colonial Pipeline attack took us to a new place with regards to critical infrastructure security and our energy supply. Historically, the United States’ policy has been we should never pay a ransom. By paying, albeit under very difficult circumstances, we have sent a message to the world that we are open for business. Once you have paid a ransom, you cannot wind it back, even if we’re able to recover part of it after the fact.   

  

As ransomware attacks on major companies and critical infrastructure become the norm, more and more industries are instating regulatory compliance measures (like PCI and SWIFT) and forcing organizations to embrace proactive security measures or face the consequences. As a result, Zero Trust architectures, and specifically Zero Trust Segmentation, have been found to be vital solutions to addressing these compliance needs. The Colonial Pipeline attack is one of the most recent ransomware attacks to underscore what we already know – that organizations must be secure and resilient across their entire networks.

June 09, 2021
Mike Brown
CEO
Talion


Getting hit with ransomware does not mean a company has failed. The threat is inevitable today and it doesn’t matter how strong your defences are; attackers will continue to be creative and adapt new techniques to get into networks. While paying cybercriminals is an outcome no CEO desires, especially when there is no guarantee that the attackers will fully delete data, sometimes when the impact of an attack is so significant, it can seem like the only choice. No company or CEO should be shamed for this. Instead, we should learn from these incidents to understand how attackers got in, what data was actually returned and what could have been done differently to secure a different outcome. Attackers collaborate on their attacks, and the only way to get ahead of them is to collaborate on our defences.

