Recently, a water treatment facility in Florida was the victim of a cyberattack. Fortunately, the attack was caught in time by an employee who was able to regain control. However, if it hadn't been, the result could have been thousands of residents made sick or worse. Take a moment to learn how a cybersecurity breach can have serious, even life-threatening consequences in today's connected business environment.
Unlike many ransomware attacks, whose goal is to hold the data of businesses hostage until they receive a payment, the attack we’re discussing had a different purpose.
This cyberattack's goal may have been to poison the residents of Oldsmar, Florida, by adjusting the levels of sodium hydroxide (also known as lye) by more than a factor of 100. Lye is a corrosive compound (think drain cleaner) and had the attack been successful and the water contaminated, the residents of Oldsmar could have suffered grave injuries.
Fortunately, this wasn't the case, and the attack was thwarted. However, while there was a positive result, there are additional concerns organizations should consider regarding their cybersecurity.
For example: precisely how did the cybercriminal gain access to control the water treatment plan's operations?
In reviewing the events, the conclusion is that the bad actor gained access because there was absolutely nothing to prevent them from doing so. It's not hyperbole to say that there wasn't a shred of real cybersecurity in place to protect the system. Considering that the water treatment plant provided water to 15,000 people, this should give one pause.
Most businesses are asking, how was the cybercriminal able to login and gain access to the plant's critical systems? Here are five cybersecurity protocols that were not implemented and may have allowed the bad actor to access the system.
When we examine what may have contributed to the water facility's cybersecurity breach, we see that the organization didn’t follow many of the cybersecurity tips for businesses we at KT Connections advocate. Some of the errors made include:
Despite its support ending on January 14th, 2020, (over a year ago), many businesses are still using Windows 7. While it is understandable that many companies often use out of date software out of convenience or as a cost-saving measure, they place their data security at risk by doing so. EOL, end-of-life (or out-of-date) software allows cybercriminals to take advantage of the vulnerabilities which come with unsupported software, including Windows 7.
These vulnerabilities create openings that cybercriminals can use to gain access to a system. In an organization using Windows 7, the operating system itself can be attacked, providing a bad actor even more access to your data. Further, if your business is required to be HIPAA compliant, using Windows 7 places your organization out of HIPAA compliance and at risk of running afoul of HIPAA laws.
If you’re still using Windows 7, it is time to update to the latest Windows version and gain the security your business needs. If you don’t consider updating to Windows 10 worth it, here are some reasons why you should upgrade to Windows 10.
A firewall is one of the essential tools your business needs to protect your internet from being attacked. If your business doesn’t have a basic firewall, you won’t have to worry about a hoodie-wearing hacker breaking into your network; anyone will be able to get in. A firewall “hides” your network from cyberattackers, reducing their ability to gain access to your network. Firewalls can also prevent malware from attacking your system via the internet.
When considering investing in a firewall solution for your business, you should look at more sophisticated firewall solutions such as a UTM (Unified Threat Management) device. A UTM device provides the level of security protection your business needs to keep your data safe.
The primary method a criminal uses to gain access to your systems is via compromised passwords. In the case of this breach, since everyone was using the same password, anyone could gain access to the plant’s systems. Whether they are acquired via phishing or are just weak passwords, strong password hygiene should be treated as a critical component of your cybersecurity plan.
Basic password policies should include unique passwords for all team members and following best practices for password management. If you haven’t done so, now is the time to audit your credentials, especially your passwords.
As noted, the lack of password management allowed the cybercriminal to gain access to the plant’s systems. However, password management is only one step to securing your data. If your business doesn’t segregate who can access your critical systems, then all your data is at risk of compromise if a bad actor compromises a password.
Access management is an essential part of protecting your data because it controls what data users can access, moreover, assigning access control doesn’t have to be difficult. When you enact access management, cybercriminals will be limited in what they can access based on their assigned access level. So as we can see, access management in conjunction with proper password management may prevent the event from occurring.
When thinking about cybersecurity, one of the most effective measures you can take to protect your data is enabling 2FA. 2FA is useful because it creates a layer of protection that supports all other cybersecurity protections. 2FA would have prevented the cyber attacker from gaining access to the water treatment plant, even if he had managed to break through the other protection layers.
2FA works as it requires anyone who wants access to your network to have another way to verify their identity in addition to the username and password already required. These factors are a combination of two of three different criteria as follows:
2FA is very effective because it is very difficult for a cybercriminal to have access to your smartphone or your fingerprint, and without this additional identifier, they can’t gain access to your systems. This is why you should start using two-factor authentication everywhere, today.
As we often note, a cybercriminal doesn't have to be a master hacker to gain access to your systems if your business doesn't have cybersecurity protections in place. Never forget: your data is your greatest asset, and losing it can do more than cripple your business; it can end it. One can only imagine what could have happened if the water treatment plant's attack wasn't stopped. Will your business be as fortunate?
Rapid City businesses, you can't afford to wait for a cyberattack or hope that you will be as lucky as Oldsmar was. Sometimes it can be too late, so now is the time to examine whether or not your cybersecurity protocols are up to the task. Call KT Connections today at 888-891-4201 to schedule a free technology assessment.