Huntington — Earlier this month, the Colonial Pipeline was forcibly shut down after a cyberattack, leading to higher gas prices and gas shortages across the East Coast.
The Colonial Pipeline was the victim of a ransomware attack, a cyberattack designed to render files and systems unusable until the target paid the ransom.
This type of cyberattack is on the rise, according to Katerina Goseva-Popstojanova, a professor of computer science who oversees a project to prepare for cybersecurity work funded by the National Science Foundation at West Virginia University.
“Ransomware attacks, including critical infrastructure such as pipelines, power grids, water treatment facilities and hospitals, are exploding,” said Goseva-Popstojanova. “In general, ransomware attacks target critical infrastructure control systems and other cyber-physical systems, which can lead to direct service interruptions.”
According to Goseva-Popstojanova, Colonial Pipeline attacks were fairly easy to break into a company’s computer system and infect ransomware due to inadequate cybersecurity practices.
“Instead of responding to attacks, we need a proactive approach to improving cybersecurity practices and making our systems resilient to ransomware and other types of attacks,” she said. ..
North American Consulting Services Inc. (NACS) joined Marshall’s Brad D. Smith Business Incubator on 3rd Avenue in downtown Huntington last year to provide business-to-business consulting on local cybersecurity best practices. Was opened.
According to NACS CEO Justin Jarrell, pipeline hacking is a wake-up call for all enterprises to enhance cybersecurity.
“I don’t think many companies, from small businesses to large ones, are aware of the importance of cybersecurity,” he said.
Since 2004, NACS has provided managers to advise NSA, Combat Command, Department of State, and about 50 different Department of Defense weapons system program managers on their needs and requirements.
“We started this division in Huntington after hearing that some of the regional economies were victims of cyberattacks,” said Jarrell. “After hearing about them, I wondered why they didn’t have more resources to protect themselves and wondered if it was a skill issue. I wondered some. I looked at different universities, but Marshall stood out for having an incredible cyber forensics and security (CFS) program, so it’s probably not a lack of skill development, but perhaps a local company’s perception. We conclude that the lack of work has led to a lack of cybersecurity work. “
Kevin Dillon, a graduate of Marshall’s CFS program, says, like many of his classmates, he couldn’t find a job in the area and moved to Florida.
“I grew up in Huntington and attended Spring Valley High School,” Dillon said. “I graduated from Marshall, but I didn’t have many cybersecurity-related job options around here. I went to Tampa and stayed there for about two and a half years. I missed my house, so This job opportunity has been wonderful. “
Dillon is a Senior Security Operations Center (SOC) analyst at NACS in Huntington.
The company’s junior SOC analyst, Ron Cole, is also from West Virginia and has left the region to find employment.
“I grew up in Cross Lanes and attended Nitro High School,” Cole said. “I left in 2013 and got a bachelor’s degree in cyber operations in Arizona. I saw this cyber security job post in Huntington and applied for it. It’s great to go home.”
NACS is headquartered in Point Pleasant, West Virginia.
“We have exclusively contracted with the Pentagon in the more general area of communications security,” said Jarrell. “But I think there is an opportunity here to help local businesses in the area.”
Jarrell says the amount of resources needed to address cybersecurity risks within a company or organization appears to be estimated.
“The best way to explain the concept of business cybersecurity is to be able to create infrastructure, practices, and hygiene to protect and protect sensitive data that could be used for business misuse,” Jarrell said. He explained.
According to Jarrell, NACS offers a variety of services to protect businesses and organizations.
“From general cyber hygiene training, including best practices for email, web-based chat rooms, forums, phishing campaigns and addressing other business vulnerabilities,” he said.
According to Dillion, company workers may do as easy as clicking on an email .pdf file.
“It’s very easy to put something in a .pdf that does everything a malicious attacker wants,” says Dillon.
NACS provides knowledge-based training to help businesses understand what to look for to empower their employees and protect them from cyberattacks.
“Another service we offer is support and services for the Cyber Security Operations Center,” said Jarrell. “Basically, what we do is place or install a specific folder or file on the client’s network or managed service and monitor every bit and byte of data that is transferred across the network. You will be able to catch it soon. “
NACS also provides network penetration testing called “penetration testing”.
“In the medical world through HIPPA, we sometimes call it a security risk assessment,” explains Jarrell. “We act as malicious attackers and see all the different ways to break into the system. Not only email phishing, but also physically. Standing outside their building, they Check if you can connect to their wireless routers, their wireless network access points, and from there, see if some of their hardware is available in their office. Physically in their building. Go in and see if you can see the data that way, or if you can connect the thumbdrive to your computer. We have different ways to access any information that the client wants to try to access. I’m testing everything. “
Jarrell says it’s from an external perspective, but you also need to consider an internal perspective.
“It’s all devices owned or controlled by each device, each computer, each cell phone, printer, Google Chrome, Chrome Stick, and its organization or company once we get inside and have access to the network. There are various weaknesses in every hardware device when you access it, “he said. “It also features the software platform, a very sophisticated and dynamic data management tool, but it’s one of the most intuitive and user-friendly interfaces I’ve ever seen.”
Jarrell states that it helps many local businesses manage their own IT security policies and best practices.
NACS has a range of cybersecurity training.
“You can’t really wage a cyber war for fear of losing your connected infrastructure, servers, and computers,” he said. “There are many features in our cybersecurity training range, and what really stands out is the active equivalent of cyber-malicious software, which is the equivalent of an atomic bomb in the cybersecurity training range. You can do it without compromising your company’s infrastructure. Everyone can work as if nothing had happened. There are some modern scenarios that are very realistic for today’s cyberattacks. “
Jarrell said he knew about last summer without appointing local victims of the cyberattack.
“One more thing last summer, these were big organizations in the area,” he said. “In the winter of 2019-2020, we had a small family-owned machine shop in southeastern Kentucky with about 12 employees who were victims of ransomware and closed the company altogether.”
Last year, Jarrell said he had done research and development to enable small and medium-sized businesses to provide cybersecurity services in addition to large corporations and the federal government.
“Cyber attacks can ruin a company or organization,” says Jarrell. “They were able to literally pay the ransom to make them go bankrupt. Our service helped us find all the ways they could be abused, and then we told them they had those problems and We can help you fix your concerns. “
According to experts, a cyberattack in the Colonial Pipeline should be a wake-up call for all businesses.business
Source link According to experts, a cyberattack in the Colonial Pipeline should be a wake-up call for all businesses.business