
What lessons can be learned from the Colonial Pipeline ransomware attack?

Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom, according to the BBC.

Earlier this month, Hugh wrote about it in this article: The Colonial Pipeline Ransomware Attack: Preventing the Next Cybercrime Disruption of Critical Infrastructure

Lessons from the Colonial Pipeline ransomware attack

Dear community, please share your professional opinion with your peers on what lessons we can learn from this ransomware attack.

What can be done better in the future? Is it about backup and recovery tools? About EDR? 

Should the incident response be managed in a different way?


ITCS user
13 Answers


At minimum, do the basics. Patch or mitigate vulnerabilities by isolating the access and impact. Invest in security (tools, people and processes), always have backups & recovery tools (Veeam) and a regular/validated process that works to restore: daily/diffs/weekly/monthly, etc. Oh, and try not to let any 8th grade hackers into your systems, which is the hole Colonial left wide open for all of Darkside to do this easy hack.

Evgeny Belenky
Community Manager

@ITSecuri7cfd thank you for your answer!
Would you say that EDR tools are as important as the backup & recovery tools? Can you please elaborate a bit on what sort of tools should be essential for such a facility?

Evgeny Belenky
Community Manager

Hi @ITSecuri7cfd, just wanted to follow up on my question in the reply. Thanks
