BOSTON – An external audit of the large east coast pipeline company that was hit by a cyber attack three years ago revealed “cruel” information management practices and “a patchwork of poorly connected and secured systems,” the author told The Associated Press.
“We identified obvious flaws and major problems,” said Robert F. Smallwood, whose consultancy released an 89-page report in January 2018 after a six-month audit. “I mean, an eighth grader could have hacked into that system.”
How far the Colonial Pipeline company has gone to close the vulnerabilities is not clear. Colonial announced on Wednesday that it has hired four independent cybersecurity risk assessment companies since 2017 and increased its total IT spending by more than 50%. While no amount was given, tens of millions of dollars were spent.
“We are constantly evaluating and improving our security practices – both physical and digital,” said the privately held Georgia-based company …