Virtually any individual or business with a computer could find themselves in the same virtual boat as the Colonial Pipeline Co., a victim of a recent cyberattack, according to the cybersecurity curriculum chair at SUNY Westchester Community College in Valhalla.
“It’s a nonstop war: sometimes we gain some ground, sometimes we lose some ground, especially because of the way the world operates,” John Watkins told the Business Journal. He said because of the globalization of the internet, anyone anywhere can decide to become a hacker and cause mayhem while attempting to steal.
With respect to the attack that forced the Colonial Pipeline shutdown, Watkins explained, “The FBI is not making a lot of details available to us but a typical ransomware attack can affect not only the basic system but all of the other systems linked to a network. Ransomware actually would scan every piece of data that’s available on their systems and encrypt it.”
Watkins said that after the ransomware has encrypted all of the data and made it unreadable, the computer system can no longer function normally. Then, the cybercriminals demand money for software needed to decrypt the data and make the computer system usable again. What the cybercriminals demand can range from a few hundred dollars in an attack on a single laptop to millions of dollars in an attack on a city, hospital or major company such as Colonial Pipeline.
Colonial operates a 5,500-mile pipeline that feeds 2.5 million barrels of diesel, gasoline and jet fuel a day to the East Coast. On May 7, Colonial learned that its computer systems had been hit in a ransomware attack. In an effort to gain control of the situation and prevent more extensive damage, the company halted all pipeline operations.
A company statement on May 10 said, in part, “Colonial Pipeline continues to dedicate vast resources to restoring pipeline operations quickly and safely. Segments of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy, which is leading and coordinating the federal government’s response.”
The federal government eased regulations to allow expanded operations by tanker trucks to help fill the gap and deliver fuels to where they were needed.
At the White House, a state of emergency was declared in 17 affected states. The FBI released a statement confirming that the attack was carried out using DarkSide ransomware, malicious software that first began to appear in August of last year. It is believed to have been developed by Russian or Eastern European hackers although there were no immediate allegations that the Russian government was behind the attack on Colonial Pipeline.
Watkins said that cyberattacks are happening nonstop these days in large measure because the costs of implementing really tight computer security are so high.
“We are in a constant battle and we are on the losing end of it, but it doesn’t mean we are going to give up,” Watkins said. “The cybersecurity field is an area of constant growth. At our college, every semester, every year, we have record numbers of students attending cybersecurity classes, even during a pandemic. It’s driven not just by the news and how hackers are operating but it’s also driven by the workforce.” Watkins said that there is a growing demand in business for cybersecurity experts.
Watkins said that during a typical semester he teaches five classes in cybersecurity, holds workshops in security, does presentations to community organizations, businesses and local schools and prepares students for competitions. SUNY Westchester Community College is a federal government center for academic excellence in cybersecurity.
“Businesses have to be constantly on alert and always concerned. You cannot ignore it,” Watkins said. “Many businesses still take the approach, ‘it’s never going to happen to me’ or ‘the odds of being hacked are like the odds of winning the lottery.’”
Watkins said that reformed former hackers who have spoken at conferences he’s attended have suggested that the off-the-shelf antivirus software used by many individuals and businesses may provide only about 20% of the protection that’s needed because hackers have developed highly sophisticated ways to break into systems.
“It’s software that basically does one thing specifically: it looks at signature detection on a file to see if it’s infected or it’s going to go through your system and see how an application will behave and then it will analyze and based on information it has stored on a database will come back and say, ‘OK, this is a virus, let’s stop it,’” Watkins said.
Companies have to use what is known as an endpoint solution that protects all of the entry points on all user devices and detects and acts on threats, he said.
“Technology is evolving so fast, it comes with a price in terms of security issues and flaws,” Watkins said. “Education is everything because it’s preparing the next level of cybersecurity professionals. The education has to evolve with new technologies.”
Watkins said that because there are no boundaries to technology these days the fear of hacking should always be present. He said employees need to be trained so they don’t fall for phishing emails or open PDF files loaded with malware that would allow hackers to run rampant through company systems.
“If you’re a business you need to prioritize security. Companies need to elevate their computer practices and set the banner high,” Watkins said.