Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Colonial Pipeline ransomware attack proves yet again that cybesecurity is paramount: Why companies don’t take cybersecurity seriously

By Purandar Das
cyber security
May 19, 2021

The recent ransomware attack of the Colonial Pipeline has reinvigorated calls from legislators to strengthen the defenses of U.S. pipelines and the electric power grid. Over the last several years, a repeatable pattern is becoming apparent with each major cyberattack. A critical cyber-attack occurs that is followed by outrage that result in statements from government leaders with calls for action - all followed by proposed ideas on how to better mitigate the risk of cyberattacks in the future. Yet, it seems that time goes by and with the next major attack the cycle starts all over again. This time, government is taking a more rigorous approach to proposing solutions to end the vicious cycle.

On May 11, 2021, President Biden signed an Executive Order that includes several requirements for companies to do business with the federal government. Among these requirements is a mandate that all software sold to the federal government follow imposed cybersecurity standards within nine months. The order also includes a requirement that the government deploy encryption and multi-factor authentication solutions.

There are also appeals for a new government authority to hold companies accountable if they fail to comply. Oregon Senator Ron Wyden is advocating for legislation that forces companies to secure their computer systems, with civil and criminal penalties for critical infrastructure firms with weak cybersecurity posture and strategy. As is often the case after a major cyberattack, there is renewed debate within government for minimum cybersecurity standards across businesses. As usual, there are two sides to the debate. On one side are proponents for minimum security standards mandated by the government. On the other side are those who don’t want to overburden organizations with government mandated security requirements.

So, why does it seem that companies do not take cybersecurity seriously enough? One of the major reasons we keep seeing these headlines and attacks are becoming more and more costly as in the case of Colonial Pipeline attack, is likely due to a lack of resources and overworked security personnel. The security industry has a serious gap in resources, roughly 3.5 million security jobs are unfilled. Universities are not able to train students quickly enough compared to the desperately needed, unfilled security positions. Security personnel are overworked and know they are a target. They may even know an attack is imminent, but they don’t have the time or budget to prepare for such an attack. And when various security systems are generating alarms, they tend to go undetected because internal IT resources aren’t able to dedicate the time to manage and monitor the numerous security solutions. Additionally, IT resources are spread thin across the many requirements of their roles, often not allowing them with sufficient time to get trained on each security platform.

Ransomware is a threat that all companies, agencies and the like must prepare for. Ransomware attacks are highly effective and more often than not, a ransom is paid as organizations simply cannot afford to have system downtime or to deal with the crisis of having their stolen sensitive data leaked. In order to effectively combat this threat, companies need to invest more time, budget, and resources into their security personnel and in recruiting new talent. But there are ways that organizations can protect themselves from the likelihood of a ransomware occurring, and from being operationally crippled when a ransomware attack occurs.

Until recently, the notion of encryption has been the last thing that evolved in terms of data security. Encrypted data was only safe when no one was using it. To use data, it had to be decrypted, and that has been a big vulnerability. However, now organizations can reshape the way they protect their most sensitive and valuable data without compromising their ability to manipulate data at top speeds in any manner. With game changing encryption technologies that keep data encrypted at all times, companies can now prevent attackers from being able to access, use, or release an enterprise’s data even after they steal the data. This has several advantages. First off, if an adversary is doing reconnaissance and looking to locate and exfiltrate data, it will be a wasted effort as the data is encrypted and unusable to the attacker. This may be enough to deter an attacker from conducting a ransomware attack, as he/she no longer has anything of value to bargain with. Secondly, even if an attacker steals database, the attacker’s data is rendered useless, and the attacker is no longer able to use the stolen data as leverage for blackmail for ransom.

Most organizations do believe cybersecurity is paramount, but don’t know how to obtain the highest possible level of protection with what little budget and resources they have that are already spread thin. To help organizations take a proactive approach to cybersecurity, it is important for cybersecurity vendors to provide comprehensive solutions that provide end-to-end security that is enriched with threat intelligence, as well as recommendations to building a holistic security framework. This translates into companies requiring fewer solutions that result in a more cost-effective approach. Additionally, security personnel that are bogged down can prioritize their focus with SIEMs enriched with intelligence, coupled with encrypting their most sensitive data stores. More and more, companies are understanding that their sensitive data is their most valuable asset. With that, they must recognize that a new approach to their security framework is needed. Taking a data-first approach to protect their most valuable assets and finding a solution that allows them to continue using the data safely and securely, creates a solid baseline on which to layer other security solutions.

Lastly, President Biden’s Executive Order is a move in the right direction in terms of instilling just how important cybersecurity ought to be to organizations. But along with that, organizations must be educated on the latest cybersecurity solutions that can be game changing both from alleviating security resource constraints as well as providing new solutions for vulnerabilities that have been opening the doors for cyber attackers for a long time. Just as important is IT security personnel’s’ and organizations’ willingness to be open-minded to new, innovative solutions that are available to them instead of disqualifying gamechangers in the market by chalking them up to being no different than solutions that have existed before.

KEYWORDS: cyber security information security malware ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Purandar das

Purandar Das, CEO and Co-Founder of Sotero, has focused on using technology to solve business problems. Throughout his career, Das has been working on utilizing technology to solve complex business challenges. He adopts a pragmatic approach that enables business to leverage technology to achieve business goals and power growth. Das started Sotero with the conviction that today’s data protection was deficient and that a better approach was needed to protect data. He is a firm believer that security, where the core focus is not the data, is not a viable option. Das is a graduate of Texas A&M University (MS – Mechanical Engineering) and Bangalore University (BS – Mechanical Engineering) and is based out of Massachusetts.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber-data-freepik1170x658x82.jpg

    Consolidation and automation key as cybersecurity becomes a competitive edge in 2022

    See More
  • Person walking in front of lights

    Why consumers don’t take cybersecurity threats seriously

    See More
  • gasoline freepik

    U.S. to issue first cybersecurity regulations after Colonial Pipeline ransomware attack

    See More

Related Products

See More Products
  • A Leaders Guide Book Cover_Nicholson_29Sept2023.jpg

    A Leader’s Guide to Evaluating an Executive Protection Program

See More Products

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!