The Colonial Pipeline cybersecurity attack that curtailed fuel supplies in the southeastern U.S. started a new conversation about threats from hackers.
Now, a topic that existed in the shadows – much like those who carry out these attacks – might get the attention it requires.
While cybercriminals pulled off a well-publicized $4.4 million ransomware plot against a company operating a major refined products pipeline, leaders in cybersecurity and information technology (IT) are reminding industries that no business is safe.
In fact, half of all cyber incursions occur at small and medium-size businesses, writes Bobby Garrett, director of IT and cybersecurity at Gray, Gray & Gray, in an article for the firm’s clients.
But knowledge is power, and businesses can be smart in their approach to cybersecurity, taking steps to protect themselves, their customers and their employees from the damages.
In this context, propane industry safety takes on a whole new meaning because, while propane wasn’t affected by the Colonial Pipeline attack, energy organizations are one of the most targeted by cybercriminals.
Adapting to technology
So how did we get here? We live in a digital information age, as part of a digital economy, with so much in our daily lives reliant on internet activity. Everything is connected.
This applied even before the pandemic, which moved companies – entire industries – toward a digital transformation. Ready or not, they were forced to adapt to changing consumer behaviors. Plus, the onset of remote work created a new set of digital challenges and magnified the need for enhanced security away from the office.
“While the technology has shifted and grown to such an extreme level, the need for people to understand and adapt to that technology has grown immensely as well,” explains Adam Brewer, co-founder of digital security firm Silent Quadrant during PERC President and CEO Tucker Perkins’ “Path to Zero” podcast. “That’s where we see a lot of this threat evolving is that people are struggling to keep up with the pace of technology and their knowledge of how to use it.”
While deploying advanced detection and prevention methods is one solution for companies, playing sound defense really starts with the people, Garrett writes. He cites a study from consulting firm Willis Towers Watson that found 90 percent of cybersecurity breaches are due to human error or behavior. One email asking an employee to download what turns out to be a corrupted file could unravel an entire system.
In its digital security workshops, Gray, Gray & Gray focuses on three critical components of individual behavior: recognizing threats, confirming identities and protecting sensitive information. Garrett believes recurring training sessions that educate employees about cybersecurity best practices are the most important security investment companies can make.
“Establishing a culture of security is absolutely paramount because you can have the best technology in the world and if you have people that are not leveraging that technology in a safe manner … you really put yourself in a vulnerable position,” says Brewer on Perkins’ podcast. “There has to be a prioritization of security and digital protection from the leadership.”
On the podcast, Perkins says he didn’t think much about words like “cyberthreat” and “security breach” until recent years.
“Now they’re the new normal,” he adds.
Over the past four years, Silent Quadrant has observed a hastened pace of vulnerabilities and threat actors taking advantage of smart devices and critical infrastructure, says co-founder Kenneth Holley during the podcast. For the first time, the firm is seeing these individuals collaborate on attacks.
Propane marketers must take these threats seriously and act to protect the businesses they’ve built throughout their lifetimes. Work with your IT teams and consult with industry partners to prevent this danger from overtaking your operations.
Colonial Pipeline and the propane industry
The propane industry didn’t face direct impacts from the Colonial Pipeline’s temporary shutdown following a May 7 cyberattack. That’s because Colonial, a 2.5-million-barrel-per-day system of about 5,500 miles of pipeline, provides other refined fuels throughout the Southeast, according to the U.S. Energy Information Administration.
Still, John Jessup of the North Carolina Propane Gas Association says many of his members have convenience stores and sell diesel and gasoline.
Of interest to the propane industry specifically was whether the shutdown would impact refinery production rates on the Texas Gulf Coast, ultimately impacting propane production, says the National Propane Gas Association. It didn’t appear that happened. The pipeline initiated a restart of operations five days later and was back to normal operations by May 15.
Featured image: LP Gas staff; ElenVD/iStock / Getty Images Plus/Getty Images (pipeline); loops7/E+/Getty Images (background)