What lessons can be learned from the Colonial Pipeline ransomware attack?


Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom, according to the BBC.

Earlier this month, Hugh wrote about it in this article: The Colonial Pipeline Ransomware Attack: Preventing the Next Cybercrime Disruption of Critical Infrastructure

Lessons from the Colonial Pipeline ransomware attack

Dear community, let's share your professional opinions with other peers on what lessons we can learn from this ransomware attack.

What can be done better in the future? Is it about backup and recovery tools? About EDR? 

Should the incident response be managed in a different way?


ITCS user
11 Answers

Top 20 Real User

At minimum, do the basics. Patch or mitigate vulnerabilities by isolating the access and impact. Invest in security (tools, people and processes), always have backups & recovery tools (Veeam) and a regular, validated process that works to restore: daily/diffs/weekly/monthly, etc. Oh, and try not to let any 8th-grade hackers into your systems, which is the hole Colonial left wide open to all DarkSide to do this easy hack.

Community Manager

@ITSecuri7cfd thank you for your answer!
Would you say that EDR tools are as important as the backup & recovery tools? Can you please elaborate a bit on what sort of tools should be essential for such a facility?
