
Are you protected from ransomware?
The recent ransomware attack on the Colonial Pipeline company has been heavily covered in the news in recent days due to the massive impact it will have on the fuel supply chain. For years, cybersecurity experts have been warning those in the petroleum industry of the likelihood and seismic impact of a ransomware attack. Rick Bos, Security Technical Lead at W. Capra, added, “If it is possible for an automated ransomware botnet campaign to breach critical services, it is safe to assume attackers without strong financial motivation will have the same success.”
What do I need to do?
If you have seen the news about the Colonial Pipeline attack and have wondered if your organization could be impacted the same way, a Security Assessment is an excellent place to start. By bringing in W. Capra to assess your security posture, you’ll have a third-party view of standards, best practices and the ever-evolving threat landscape that may need to be addressed in your organization.
Bos added, “When the details of this particular ransomware attack emerge in the coming days, we will give a more specific view as to some of the safeguards that can be put in place. The most likely attack vectors in this case are either misconfigured edge/cloud services or spear phishing based on my experience with previous ransomware campaign incidents. Security awareness and test phishing campaigns are critical to mitigate this scenario, but the best approach is zero trust architecture[1].”
Is ransomware just the latest security attack vector?
Ransomware has been on the rise in recent years and is now being described in some outlets as an epidemic. As seen with the Colonial Pipeline incident, the stakes are escalating as well. Bos suggested, “When considering security protection and prevention measures, if the goal is to not become the next headline, the time to start working on your approach is today. This isn’t something that should be planned and budgeted for 2022.”
Rick Bos is dedicated to assisting W. Capra clients with all things security.
For further discussion, contact Rick Bos at [email protected].
[1] https://www.nist.gov/publications/zero-trust-architecture






