Crippling attacks on US gas and meat suppliers expose the dangers of major companies' reliance on patchwork cybersecurity
ransomwareattacks on key companies have wreaked havoc on US suppliers and consumers. Cybersecurityexperts say that while these firms may be large in scale, they're not necessarily high-tech.
- Large companies often have a mosaic of IT systems that can make them vulnerable to attack.
In his Senate testimony during a hearing last week on the Colonial Pipeline cyber attack, CEO Joseph Blount said hackers had penetrated a legacy system that was protected by a single password, rather than multi-factor authentication.
"It was a complicated password - I want to be clear on that - it was not a 'Colonial123'-type password," Blount said.In normal operations, the company, which runs the nation's largest oil and gas pipeline, uses a more robust authentication process to make remote access more difficult, he added. "We take cybersecurity very seriously."
Colonial is by no means alone. Meatpacking giant JBS was hit with a similar attack, and recently disclosed that it paid $11 million to the hackers. The New York subway system and a Massachusetts ferryboat operator have also recently been targeted.Indeed, the
The Wall Street Journal reported that that ransomware incidents have tripled in the past year, according to FBI and reports from the private sector. The chief information security officer for pharmaceutical giant Johnson & Johnson, told a WSJ event that her company experiences around 15.5 billion cybersecurity incidents per day.Experts told Insider that some companies reliance on patchwork cybersecurity systems means there are gaps for
In other words, a company's investment in state-of-the-art locks and cameras on its front door could be rendered ineffective if the windows aren't well-secured too.
Doug Schmidt, a professor of computer science at Vanderbilt University, said the challenge can be especially pronounced when firms acquire or merge with others that continue to depend on legacy systems, like software for a key piece of equipment that will only run on Windows 95."A given system may be fairly secure, but when you start connecting it to other systems that it really wasn't meant to work with, that leaves all kinds of opportunities for neglect, error, and surprise," he said.
This can be even more problematic in lower-margin, highly consolidated industries like food and some utilities where companies might see cybersecurity more as an expense than an investment, especially for those that don't perceive themselves to be a target.
"Imagine how it must just be like taking candy from a baby to go and hack these low-margin businesses that are building incrementally, and have very heterogeneous long tails of inadequate, unsecured, chaotic, error-filled legacy information systems," Schmidt said.For Testoni, episodes like the recent ransomware attacks underscore the need for a change of mindset among business leaders.
Every incremental improvement helps reduce the overall risk, Testoni said, and will pay dividends later as the world only becomes more heavily networked.Deputy Attorney General Lisa Monaco echoed that sentiment in her remarks on the Colonial ransom case, calling on corporate and community leaders to "invest the resources now."
"Failure to do so could be the difference between being secure now - or a victim later," she said.
- Adani Group firm Adani Wilmar to raise ₹4,500 crore via IPO
- Travel portal Ixigo moves a step closer to IPO
- How to check who unfollowed you on Instagram
- Adani Ports shows a record quarterly volume growth while the shares have already run up over 7% in last 5 days
- India saw a 42% rise in hiring in June compared to pre-COVID level, according to latest Labour Market report by LinkedIn