Between technology becoming more sophisticated and hackers launching attacks more frequently, protecting your organization from cyberattacks can feel challenging. In May 2021, hackers were able to target a major U.S. pipeline and cause it to shut down its operation after accessing its network. Here is what we can learn from this incident and how you can develop a strategy to prevent and respond to data breaches.
How a compromised password led to a widespread gas outage
In May 2021, hackers targeted a major company that manages a pipeline system in the U.S. through a compromised password. Cybersecurity experts believe the password was part of a batch of stolen credentials leaked on the dark web.
The password gave hackers access to an old account that was no longer in use. However, the account was still active and allowed them to remotely access the company’s network.
An employee then found a ransom note on a workstation, which resulted in the entire pipeline system being shut down as a safety measure. The resulting gas shortage affected millions. The company conducted a thorough sweep of the entire system before resuming operations. Steps were also taken to monitor the network for subsequent attacks.
An investigation revealed that the attackers couldn’t access the system that controls the pipeline flow. They did, however, access the company’s data and threaten to leak it. The targeted company was able to resume operations quickly, but not without paying a hefty ransom and incurring high costs due to the disruption.
How do you mitigate and prevent data breaches?
You can take steps to mitigate risks, create a secure environment, and prevent data breaches.
- Data backup
Ransomware attacks doubled in frequency in 2021. Hackers often target the supply chain and launch devastating attacks that lock businesses out of their data. These same hackers may also export data into an external repository to threaten to leak it.
Being cut off from your data means that key processes will come to a standstill. However, a data backup means you can restore the data you need to resume operations quickly.
- Multi-factor authentication
Compromised credentials are a widespread issue, with one of the largest collections of leaked passwords available online containing 8.4 billion records. Multi-factor authentication (MFA) could have prevented the cyber incident described above.
With MFA in place, users must complete an additional step to log in. Only an authorized user can complete this step, whether it’s answering a security question or receiving a code on their phone.
The importance of a strong response plan
You can protect your organization by taking steps to prevent data breaches. However, you should also have a strong response plan in place to get your core systems back up and running as quickly as possible after an incident.
- Identifying data breaches
In many cases, organizations aren’t aware right away that they’ve been targeted. Unless a hacker makes themselves known through a ransom note, it can take 207 days on average to identify a data breach.
Use software to monitor your network and detect unusual activity. Installing detection tools can help you identify issues faster and make you more reactive.
- Backing up the data that matters
Regarding TiPS alarm management solutions, you need a backup with your LogMate configuration files and SQL Server databases. It would be best to determine how often you want to capture this data and update your backup. This determination will depend on how much data you can afford to lose during an incident. Typically, weekly SQL Server full backups are sufficient for many customers.
Your backup plan should also include best practices for accessing and restoring these files as quickly as possible to limit the disruption. As part of our standard installation practices, TiPS has deployed a backup process with the allowed network access provided.
- Developing a solid data collection strategy
You need to identify the mission-critical data you need to access to resume operations in the event of an attack or natural disaster. Next, you should develop a strategy to collect and secure this data.
You should also look into how you will resume data collection after an incident. Getting your data collection system up and running should be a priority to prevent gaps in your records. TiPS software and services use industry-standard techniques to provide automated backup strategies. These processes can be documented and tested prior to a required LogMate installation restoration.
How TiPS can help improve resilience
The LogMate product suite supports your data backup strategy. LogMate offers the Capture module, a convenient tool for collecting data from one or more systems and processing it into an SQL database. For smaller applications, Capture can manage database maintenance without needing a SQL Server Database Administrator.
Once the Capture module is in place, you can use the LogMate High Availability module as part of your disaster recovery plan. This module allows you to run two Capture installations. High Availability has a failover feature that will automatically switch to the other Capture instance if one installation becomes inaccessible.
This process eliminates gaps in the data you collect. Plus, it preserves your Capture configuration for a faster recovery process, and operators can continue working as usual.
Planning your backup strategy with TiPS provides peace of mind should a LogMate installation rebuild be necessary. Your LogMate licenses are secure on an encrypted license dongle. The installation rebuild is a snap by installing the latest version of the TiPS software even if your configuration backup is dated. The SQL Server databases are restored with minimal effort, and with the assistance of TiPS Technical Support, you could potentially restart your data collection without any loss of data.
Are you ready to improve your disaster recovery plan? Get in touch with us to learn more about LogMate products and services you can use to protect your business from data breaches.