Colonial Pipeline Proves The Value Of Multi-Factor Authentication

In a recent Senate hearing concerning the network security breach at Colonial Pipeline in May, the company's CEO provided additional information about the attack.

The CEO testified that because Colonial's network runs on an older Virtual Private Network (VPN) system that does not allow for multi-factor authentication (MFA), hackers were able to gain access to the network using a single stolen password, one that he says was quite complex.

The hackers installed ransomware on the pipeline computer network that shut down Colonial's oil delivery channels, causing a spike in oil prices and gas shortages in local areas.

Senators expressed surprise after the CEO acknowledged that Colonial did have a network breach response plan in place but failed to adequately address prevention. The CEO stated that his firm has invested more than $200 million in its IT systems over the past five years, but a spokesman later clarified that this amount represents overall IT spending, including cybersecurity.

Although the FBI says paying ransom demands will embolden cybercriminals to escalate attacks and recommends breach victims not pay ransom, Colonial's executives ultimately chose to pay the ransom demand to regain access to its system. "One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators" saltwire.com (Jun. 08, 2021).

Commentary

Online criminals continue to try to infiltrate infrastructure targets. In the matter of Colonial, it is clear that more prevention steps were needed, including multi-factor authentication.

Costs were referenced in the above article. Obviously, the cost of multi-factor authentication was minimal compared to the losses from a shutdown and ransom payment.

Requiring a secondary form of user verification - a text message, email, phone call, or hardware token - is fast becoming a standard in password security and is necessary for any organization that cares for sensitive information or controls necessary public infrastructure.

In addition to multi-factor authentication, organizations must continue to push strong passwords, limit the number of users who have access to critical data, and regularly review those users, removing any who no longer require such access.

Finally, in case of a breach, organizations must be able to identify and compartmentalize critical data inside the network, making access more difficult for criminals.
