Remote work may have contributed to the weekend ransomware attack on Colonial Pipeline, according to the BBC. Remote login details that are hacked and stolen can be used by the hackers or sold on the dark web to other threat actors, a problem plaguing more and more companies due to extensive remote work during the pandemic. In addition, the "bad guys" responsible for the Colonial Pipeline incident appear to be a group that works much like a corporate franchise model, selling know-how and tools to associates who then pay a percentage of their takings to the main enterprise.
Although the Colonial Pipeline incident has received a lot of press because of its relation to national fuel supplies and security, the reality is that most ransomware attacks happen to ordinary companies regardless of their public profile. Small and medium businesses that do not have a full security apparatus can be especially appealing targets, because they are likely to pay rather than fight back against an attack. Being prepared with both security plans and a recovery/continuity plan can help prevent or mitigate a lot of heartache, contractual exposure with business partners, loss of business opportunity, negative PR, and more. The value of planning and security is even higher during the current work from home posture for most businesses.