Do you have a formal risk assessment tool you use, or are you still managing risk using the SWAG method?
On 5/7/2021, the Colonial pipeline which provides almost half of the east coast oil supply was shutdown by a ransomware attack. Service returned five days later, but only after Colonial paid almost $5 million in ransom to get the cyber keys.
Could this have been avoided?
The simple answer is YES. Legacy monolithic infrastructure architectures leave systems highly exposed to these type of attacks. The fact that a vital component to U.S. infrastructure was so exposed is both scary and mind numbing. It highlights gross incompetence in resiliency planning. At the worst case, it’s unimaginable that a vital service like that did not have the ability to rebuild infrastructure and roll back data to a pre-attack state.
In a forward thinking technology culture, it would seem more critical that resiliency planning would have looked more towards an IaaS or PaaS design in order to respond swiftly to any factors impacting production operations. Technology is available to have near real-time failover to alternate resources.
The Colonial Pipeline incident should serve as a message to all who oversee critical production environments to review their plans and ensure they are leveraging the best options to mitigate or avoid the evolving risks in the digital age.
What’s your favorite web type… wordpress, php, html/css, asp or something else?
My project of the week has been to create a web template for an EA3 enterprise architecture repository. Watch is grow at http://www.jjpennell.com/ea3/eamp.html
Has the hack of solar winds had any change on your monitoring and security strategy?
Adding WordPress to my list of skills as I’m figuring out how to include blogging to increase my reach
Ask Joe Geek needed to take a step away, but we’re back online and ready to help folks navigate the ever changing world of technology.