Your address will show here +12 34 56 78
Blog

In the wake of the Colonial pipeline cyber attack, the Department of Homeland Security released new cyber protocols for pipeline owners and operators on Thursday after the hack disrupted fuel supplies in the southeastern United States for days this month.


“The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security,” DHS Secretary Alejandro Mayorkas said in a statement.


The owners and operators of critical pipelines will be required to report confirmed and potential cybersecurity incidents to the department’s Cybersecurity and Infrastructure Security Agency (CISA) and designate a cybersecurity coordinator, to be available 24 hours a day, seven days a week, DHS said.


The directive will also mandate that  pipeline owners and operators review current cybersecurity practices and identify any gaps and remediation measures for risks, it said. They must report those results to the Transportation Security Administration, a unit of DHS, and CISA within 30 days.


The catastrophic ransomware attack disrupted the operation of the  Colonial Pipeline, which runs from Texas to New Jersey, and they were forced to shut down a large part of their network for several days earlier this month, leaving thousands of gas stations across the U.S. Southeast without fuel.


After the pandemic shortages, and fearing more disruption, people raced to fill their tanks as the outage illustrated the nation’s reliance on a few key pipelines for fuel needs.


The closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.


According to Reuters, the bad actors held Colonial Pipeline’s computer network hostage and successfully extorted millions of dollars in digital currency. The cyber incident has bumped the security of critical U.S. infrastructure to the forefront of the national agenda.

0

Blog

In this day and age, anything connected to your network is a threat. It’s the reason why Zero Trust Security is catching on.


Just this last week, a massive malware attack affected the Eastern US on the Colonial pipeline when a group of Russian hackers infiltrated their networks.  Gas production came to a screeching halt.

What is Zero Trust?


It is in this context that you may have heard the phrase ‘Zero Trust’ when it comes to cyber security and protecting business assets.

So what is Zero Trust model? Simply put Zero Trust is a model of thought that centers around never trusting any device, application or person regardless if they are attempting to connect from inside or outside the network. This methodology is gaining more and more traction as cloud application usage increases and the permanent shift to remote work is further implemented.


Zero trust is a strategy where everything (People, Data, Sessions, Devices, Applications) regardless if it’s inside or outside the network is treated as suspicious. Essentially it is a ‘default deny’ posture, even for users within the organization. Instead of ‘Trust, but verify’ the organization ‘Never Trusts, Always Verify’. This is not accomplished by one tool but rather policy, procedures and tools. Zero trust also focuses on Least Privilege- a Methodology that states no user should have more rights and permissions than what is needed to perform their work.

If you are interested in learning more Micropac can help provide you with flexible, easy-to-use, and trusted data protection technology —which can help you minimize the impacts of a data breach. Contact us today!

0

Blog

In a move to tighten security,  Google is making all their users start using two-factor authentication (2FA), which can block attackers from taking control of their accounts using compromised credentials or guessing their passwords.

“Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured,” said Mark Risher, Google’s Director of Product Management, Identity and User Security.

This additional security step will give an additional security layer to Google user accounts’  by removing the “single biggest threat” making easy to hack: passwords that are hard to remember and, even worse, easy to steal via data breaches and phishing.

To begin the process, the company will ask users already enrolled in 2FA (aka 2-Step Verification or 2SV) to confirm their identity by tapping on a Google prompt on their smartphones whenever they sign in. 

To enroll in two-factor authentication for your Google Account right now, click here and use the “Get Started” button to add an extra layer of security and block attackers from gaining access to your data.

If you need assistance with your cybersecurity contact MicroPac today! 

0