The value of a Security Operations Center for MSPs


When you work inside of a Security Operations Center (or SOC for short), the day never ends. It’s demanding and often a seven-days-a-week job, according to Sagar Vyas, the Global Cybersecurity Evangelist for Jolera Inc.

A SOC is a fast-paced environment where professionals handle events such as alert notifications, triage, and security incident response, and explore how to contain threats that may occur in the future (also called threat hunting).

“You are doing multiple things and you have to be able to pivot quickly through them. This is a complex job and finding people with the right skillset for it has been a challenge, especially in Canada,” Vyas added.

Claudio Damaso, associate partner, cloud, and security for CrucialLogics, joined Vyas on a panel discussion on MSP security at the ChannelNext Central Conference in Toronto, echoing Vyas with his own experiences in a SOC.

“We have a dedicated team at CrucialLogics and they eat, breathe, and sleep security.”

Damaso emphasizes that one cannot get by in a SOC with just a background in a few security courses.

“Many people are in the game because they are passionate about alerts, analyzing threats and their intelligence, and predicting future threats,” Damaso said.

SOCs have become increasingly important to business and government organizations of all sizes. Fresh research from Statista, Canada, found that the total addressable market for SOCs is projected to reach $30 billion USD by the end of 2021.

Over the past 19 months of the Covid-19 pandemic, threat volumes for SOCs increased significantly, predominantly due to security challenges arising from the shift to remote and online work.

Operating a SOC during the pandemic was anything but easy, as “the Internet [doesn’t] stop at the Canadian border,” Damaso explained.

“You need to [be] proactive and preemptive [about threats] before they reach your customer. It’s a constant battle!”

For Managed Services Providers (MSPs), operating without a strong SOC can be detrimental to cybersecurity. Partnering with a skilled SOC provider is the primary suggested strategy for mitigating the high risks of cyber-attacks before they affect customers.

Vyas cautioned that the blurred lines of responsibility for things like handling data and responding to security breaches require the guidance and reliability of a well-vetted SOC partner. Well-trained SOCs reduce the costs associated with security and malware and can support MSPs in the long run with security intelligence reporting.

IBM recently published a report titled ‘Cost of a Data Breach Report 2021’, illuminating the average cost of a data breach this year: $4.24 million, an almost 10% increase from the previous year.

So where does this leave MSPs? Many are speculating about automation and machine learning as a way of both preventing and reducing the costs associated with cybersecurity. Both Jolera and CrucialLogics are SOCs committed to advancing the way the industry understands cybersecurity; Jolera recently released an AI-driven Endpoint Detection and Response (EDR) solution targeting this exact area of developing technology.

Vyas said it simply: “The time for advanced and effective cybersecurity and SOCs is now.”

 

By Paolo Del Nibletto

You can’t just Google your Cyber Security


The ChannelNext Central conference recently concluded, leaving the industry buzzing with ways for Managed Service Providers (MSPs) to boost their security offerings and intelligence. Claudio Damaso, associate partner, cloud, and security for Hillsburgh, Ont.-based CrucialLogics, and Sagar Vyas, the Global Cybersecurity Evangelist for Jolera Inc., are two of the country’s leading cyber security experts. Both agree that MSPs cannot obtain and build the latest, state-of-the-art cybersecurity by simply searching for it on Google!

Damaso referenced this summer’s massive ransomware attack in July that left close to 1,500 organizations stunned. The attack infiltrated specific remote management software from a company that produces it for the MSP market. ‘REvil’, a group of well-known, highly trained hackers, was able to successfully penetrate the security of close to 50 MSPs. This sort of attack was made easy for REvil, as they used the company in question’s own products to gain access to those MSPs.

What this hack revealed is that MSPs are largely not designed to handle the triage of a breach. Damaso’s direct advice for MSPs: “if you are going to play the security game, you can’t fake it until you make it.” The point both Damaso and Vyas conveyed to ChannelNext Central’s studio audience and to live streamers of the event is that you need to be differentiated and unique in your approach in order to set yourself apart from other industry players who, when it comes to security protection, “Google it.”

Referencing a recent research study on global cyber security, Vyas said that in 2021 alone, cybercrime is up 600%, more than double the number of attacks the previous year. He added that at Jolera, his cyber security team sees this type of activity on a daily basis and that ransomware attacks have rapidly evolved in the last five years. The sophistication of ransomware attacks has dramatically increased in today’s environment, with large groups of organized, established hackers running their teams like a business.

Vyas firmly stated that any hack, breach, or ransomware attack is not a matter of ‘if’, but ‘when.’ The MSP community is best prepared when it enlists the right people, processes, and technology, all ensuring that the security of its service offering is as air-tight as possible. Vyas continued the discussion by explaining that MSPs with underdeveloped protection strategies should engage with a cyber security partner whose expertise can provide the right support. “Again, you cannot Google your cyber security partner.”

Vyas advised MSPs to specifically seek a security partner who understands the many security policies organizations are looking to implement, along with the correct technology designed for endpoint detection and response in a fully monitored and managed solution.

With so much knowledge and understanding of this landscape, Vyas and his team have recently released a high-level, enhanced Endpoint Detection and Response (EDR) security offering. EDR is designed to predict, prevent, and recover from all forms of malware end to end, making it harder than ever for malware to penetrate or to go undetected under its protection. Powered by advanced AI technology, this fully autonomous platform is currently available and can be modified to meet an array of individual needs.

Other technology areas MSPs should focus on are multi-factor authentication, security information and event management (SIEM) systems, and incident response units that have action plans in place for any kind of security attack.

Damaso’s advice to MSPs is to make it their duty to protect all their customers.

“There are fundamentals with security that can be implemented to better protect yourself and your customers’ business. But far too often, they push the boundaries of negligence when it comes to breach consequences. Nothing can be guaranteed because of all the factors out there, but can the MSP say [that] they have done enough?”

Other security strategies for MSPs to consider are assessing a risk tolerance level and then mapping out a strategy based on that. Damaso concluded that every organization will have a unique risk tolerance level and that having a backup plan is necessary to ensure the damage to the pocketbook and the brand is minimized.

In the end, the two security experts conclude that their tenure and success in the industry can only further drive home the fact that you cannot Google your security needs. The most effective, cost-efficient, and headache-free method for MSPs to protect their offerings is to find a partner in the industry that both understands the climate of cybersecurity and has the right tools to mitigate the ever-present malware risk.

By Paolo Del Nibletto 

The biggest Phishing Scams of the last decade


October is Cybersecurity Awareness Month, so it’s almost mandatory to explore one of the biggest cyber threats known to date. Phishing scams are amongst the greatest cyber security threats that businesses and organizations face today. In 2020, 75% of organizations around the world experienced some kind of phishing scam. According to the FBI, there were nearly 11 times more phishing complaints in 2020 than in 2016. Phishing attacks are only rising with the increase in remote work. The attacks are becoming popular because they are easy for hackers to conduct and can potentially lead to large payouts. Phishing scams can lead to devastating costs for many of the parties involved. Below we will examine some of the biggest and most costly phishing scams that have happened in the last decade.

1. FACC

In January of 2016, FACC, an Austrian aerospace and defense company, lost around €50 million to an email phishing scam. The scam was believed to be a Business Email Compromise scheme, in which the attackers impersonate a finance official in the company and attempt to trick the email recipient into transferring a large amount of money into the attackers’ account. After the loss, FACC decided to vote out its CEO as a consequence, and also to fire its Chief Financial Officer. It is unclear what their roles were exactly in this scam, but it is evident that the consequences of falling for such a phishing scam can be very severe and detrimental, and not only financially.

2. Sony Pictures

In November of 2014, Sony Pictures was hacked by a group called “The Guardians of Peace”. Numerous consequences followed, one of them being that 100 Terabytes of unreleased data and pictures were leaked. The CEO of Cylance, a large computer security firm, stated that the hacking group was able to infiltrate Sony’s system through phishing scams they planted months earlier. Employees of Sony Pictures, including the CEO, received ID verification emails that appeared to be from Apple. Once Sony was hacked, the attackers also demanded that Sony withdraw its movie “The Interview”, a comedy about a planned assassination of Kim Jong-un, the North Korean leader at the time. Many cinemas refused to screen the film as the group also threatened terrorist attacks at the openings. It is difficult to calculate the full scope of damages of this phishing attack, but the estimated costs to the company were over $100 million.

3. Facebook and Google

Between 2013 and 2015, over $100 million was stolen from Facebook and Google through another clever phishing scam. The hackers created fake email accounts whose messages looked like they were sent by employees of Quanta, an infrastructure supplier in Taiwan that both Facebook and Google worked with. The hackers then sent phishing emails with fake invoices to financial officers at Facebook and Google who were used to conducting such large transactions. Once the scam was eventually discovered, both companies took legal action and the hacker was identified as Evaldas Rimasauskas, a Lithuanian man who was then sentenced to 5 years in prison.

4. Colonial Pipeline

The most recent and largest phishing scam occurred earlier this year, in May 2021, at Colonial Pipeline in the U.S. Although Colonial Pipeline was hit with ransomware, the attackers only gained access through an employee’s email, which the U.S. government believes was most likely accessed through a phishing attack. The exact source of the attack is still being investigated. It is impossible to determine how costly the cyber-attack really was, as effects have been felt in many countries that dealt with Colonial Pipeline and are still being uncovered. The company has already paid $4.4 million to the hackers. As the organization provided half of the oil supply to the U.S. east coast, the effects were felt publicly when gas prices soared after Colonial Pipeline was shut down for two weeks.

Phishing scams are not going anywhere, and the best way to stop and detect them is through your front-line employees. Regular phishing training should be conducted to help employees become aware of the severity of the attacks, as well as to know what to look for in everyday emails.

 

By: Joanna Ambros, MBA

ChannelNext East show gets back to In-Person events


By Paolo Del Nibletto

The ChannelNext East conference in Montreal was my first in-person event since January of 2020 and it hosted local channel partners and MSPs from the area as well as several more who live-streamed the show. The one-day event was held at the Riverside Event Venue in the city, and it provided the best backdrop for an in-person event under strict COVID-19 restrictions. Riverside is an indoor-outdoor facility that enabled the conference organizers TechnoPlanet to provide a safety-first, social distancing format for all attendees, speakers, and event staff.

TechnoPlanet president and show host Julian Lee said the IT industry needed to re-start in-person events after such a long layoff.

“The channel needs to get back to work and we see in-person conferences as an important part of a get back to work strategy. The main objective of the ChannelNext East event was to rethink the conference showcasing interesting areas that are more suited for the current situation,” he said.

This meant that a hotel, where most conferences usually take place, was out of the question. Hotels have plenty of moving staff going from event to event and the chances of cross-contamination would be high. For Lee and his team, they needed to adapt to a new situation that could best meet the new model, while having a hybrid approach so that it can interest a bigger audience. Another factor for Lee was his desire to support local businesses hard hit by the pandemic and subsequent lockdowns. This is why TechnoPlanet chose the Riverside indoor-outdoor event venue in the Saint Henri district of Montreal.

ChannelNext East featured a talk show format highlighted by an opening keynote Q&A with Chris Fabes, the Canadian Channel Chief of Lenovo. Fabes talked about how Lenovo Canada would be helping channel partners and MSPs pivot from the pandemic, what investments they were making in the channel community, and how they were scaling towards an as-a-service model.

This was followed up with a panel discussion on how to best approach the Digital First Economy which featured leadership consultant Glynis Devine and myself. I spoke about how MSPs can get a leg up on the digital economy with fixed cost, as-a-service solutions in security, backup, and cloud.

The show also featured an expo and a Lion’s Den competition with executives from Datto, Cyber Power, Net2Phone, SherWeb and ViewSonic squaring off in three-minute segments. Show attendees in-person and online could vote for who had the best pitch.

Finally, Randall Wark, the co-creator of the Channel Partner Alliance, took the stage to outline the benefits of the Mastermind programs along with bringing actionable strategies and insight on digital best practices to MSPs and channel partners.

Lee added that the ChannelNext East hybrid event says there is help if the channel wants it.

“The struggle is real in the channel, but there is help out there either virtual or in-person.”

The ChannelNext East event may have been the first in-person show so far this year, but it will not be the last. Lee and his team are working on the next event that will be staged on Oct. 20th in Toronto.

Getting the Most from your Managed Service Provider


The decision to outsource some or most IT operations to an external MSP (Managed Service Provider) is one that could directly benefit your entire company. MSPs can bring value by allowing your company to focus on what it does best without sacrificing time on managing its Information Technology infrastructure. The first step is to choose the right MSP for your company. Once your company has taken the plunge and committed to the right Managed Service Provider, here is how to make sure you get the most value for your money.

Be Honest

Being completely transparent in terms of what your business goals and priorities are will be mutually beneficial to both your company and your Managed Service Provider. An open discussion about aligning your business goals and needs with the strengths and services of the MSP will only enhance the results you get. 

Build a Relationship

As you will most likely be working with your Managed Service Provider for a long period of time, ranging from months to years, it is important to establish a professional relationship with your MSP. Your Managed Service Provider should essentially be a business partner that will not only enhance your IT software and services, but also introduce you to external connections and broaden your company’s network.

Involve your Managed Service Provider in Planning Stages

If you have a specific vision for your company’s IT services, it is best to inform your Managed Service Provider early on so you can be on the same page. For example, do you want to focus on cloud-services only? Do you plan on improving your entire outdated IT infrastructure within one year or less? Or are you more focused on creating a fool-proof cybersecurity plan for your business? Determine your specific goals and priorities and include your MSP in the initial planning stages. Not only will you benefit from your provider’s expert opinion in IT, but you may also cut costs down the line by discussing your projects ahead of time and budgeting accordingly.

Utilize All Available Services

Your Managed Service Provider can provide a multitude of services, such as 24/7 Tech Support, Cybersecurity Services, Employee training programs, or Disaster Management. Find out from your representative what other services they think your company may benefit from. Even if you only commit to one plan when signing a contract early on with your MSP, down the line you may require more services and help managing as your business grows and scales. You may be surprised at the variety of ways an MSP can help your company that you have not thought of before.

Managed Service Providers can tremendously enhance your company’s operations. To get the most out of your experience, it is important to establish a solid relationship with your MSP, have open communication about your business goals and plans, and trust your MSP to provide you with the tools to succeed. Establishing a partnership with your Managed Service Provider will bring your company long-term enterprise success.

By: Joanna Ambros, MBA

How to choose the right Security Auditor


Now that your company has decided to start performing regular IT Security Audits to ensure compliance and enhance cybersecurity, the next step is to find the right Security Auditor. Although it can seem like a stressful and daunting task, it is important to find an Auditor who is a suitable fit for your company. Focusing solely on low price may result in a poorly matched Security Auditor for your team. The right Security Auditor will be able to understand the specificities of your product and the challenges your company’s IT systems may be up against. 

What are some factors to consider when choosing a Security Auditor?

1) Qualifications

Auditors may be qualified to perform different levels of tests. It is first important to determine what compliance certifications the nature of your business requires; it is common to see cloud-based service businesses needing SOC 1, SOC 2 and ISO 27001 as well as CCPA as compliance necessities. Do your research beforehand to see which audit companies are qualified to run the tests you require.

2) Reputation

The key to vetting an Auditor’s reputation is to do thorough customer reference checks. You will want to ask those who have worked with the auditor a few of the following questions:

  • How flexible has this auditor been while working with you?
  • How would you rate them compared to other Security Auditors you have worked with?
  • Did their services and delivery measure up to what they promised?

It is usually well worth the price to partner with a reputable, more expensive Audit company and known brand than an unknown auditor with no references at a lower price.

3) Time Commitment

Your engagement with a Security Auditor could range anywhere from three months to several years as most security accreditation standards require annual renewals. It is relatively uncommon for companies to switch auditors once a match is made. The bulk of the work for an auditor is in the first year, and it reduces over time. It is a good opportunity to also consider long-term pricing arrangements which can either start low with a good deal and increase or lower over time.

4) Tools

What kind of tools and programs will the Security Auditor be using? Are these programs up to date and in full support of cloud-based services? If your company uses modern infrastructure and software, your auditor needs to fully understand those. Likewise, it is important that your own IT department understands these tools, and that they are scalable and easy to use.

Choosing the right IT Security Auditor can lead to a long-term beneficial partnership and relationship for your company. While evaluating choices, it is crucial to consider not only the price, but the timeline of the relationship, the Auditor’s reputation and reliability, their qualifications and the programs that they will use to maximize the value of the audits specific to your company’s needs.

 

By: Joanna Ambros, MBA

The Importance of IT Security Audits


In today’s modern day and age, it is crucial for companies to take their Information Technology systems seriously to avoid the possibility of cyber-attacks and data breaches. A great way for companies to ensure their Security remains up to date and compliant is to perform regular IT Security Audits.

What is an IT Security Audit?

To begin defining an IT Security Audit, we can examine the formal definition of an Audit as provided by the Institute of Internal Auditors: “independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

An Information Technology Security audit is a comprehensive review of your company’s entire IT infrastructure. This includes a full review of your IT systems, management, applications, and data uses amongst other processes. The purpose of this audit is to evaluate the overall safety of your network. A good comprehensive audit would suggest improvements and identify any weaknesses in your system, to ensure the greatest operating efficiency and cybersecurity.

What are the Benefits of IT Security Audits?

Companies should perform regular IT Security Audits to determine whether their infrastructure is able to properly secure the company’s data and assets. There are many benefits to performing these audits regularly:

  • Reducing Expenses – IT Audits can help you uncover which services you no longer need as well as outdated software and help your company save money in the long run.
  • Ensuring Compliance – Regular IT Audits will also ensure that your company’s Information Technology platform and systems are up to date with your country’s standards. This will help avoid any legal disputes and fines down the line.
  • Verify Security Effectiveness – Certified IT auditors will use various tests to verify how effective your current cybersecurity processes are.
  • Improve Communication within the Company – Regular IT audits can enhance the communication between different departments with the Information Technology department.

Types of IT Security Audits

There are four main types of security tests in an IT audit: Vulnerability Tests, Penetration Tests, Risk Assessments, and Compliance Audits.

Vulnerability tests are performed to identify any loopholes or risks in your IT system’s design, to reduce risk. Penetration tests are used to simulate disruptive conditions and break into your system, such as sending email links with malware. These are great for improving employee security training and testing antivirus software. Next, Risk Assessments are used to identify and eliminate risks associated with using your company’s IT systems. When risks are identified, the next step for companies is to determine what investments should be made to eliminate those risks. Lastly, Compliance Audits ensure that your company’s IT systems adhere to the legal standards in your country or industry.

Regular and successful IT Audits will ensure that your company’s IT systems are well protected against modern threats and compliant with regulations. The best way to protect your company’s security in today’s technological society is through expert auditors.

By: Joanna Ambros, MBA

Serial entrepreneur looks to make another impact on MSPs


By Paolo Del Nibletto

Colin Knox describes his entrepreneurial journey so far in two words: crazy and stupid. But the founder of two highly successful businesses, XCEL Professional Services and Passportal, also acknowledged the creative part of his journey.

Knox, after spending a little over a year at SolarWinds MSP which acquired Passportal, is at it again with a new company called Gradient MSP. This time, Knox will be using his talents to help the MSP and vendor communities better understand themselves. The goal is to lead both communities into building profitable monthly recurring revenue streams.

The spark for Gradient MSP came while he was reading Start with Why: How Great Leaders Inspire Everyone to Take Action by Simon Sinek. “This book spoke to me,” he added. While reading the book, Knox began to envision how he could solve more MSP industry problems by helping the community compete on a level-playing field. Knox also realized the industry is a two-way street and will have Gradient MSP work with vendors as well to “level them up” to better understand MSPs.

Currently, Gradient MSP is working on its offering, which is planned for launch sometime this year.

During the Jolera Interview Series, Knox talked about how he started as an entrepreneur by catching insects as a kid and putting them into his own “Bug Zoo”. As crazy as this sounds, neighborhood kids paid Knox to see his collection. And, from there it sparked a lifelong passion to create things that others can enjoy.

“I thought it was cool. People paid me to see my bugs. It comes down to creating something that others can enjoy and make their lives easier. I think the most rewarding thing for me is when I hear stories about how things I have created have impacted others. This is what drives me to keep going and try new things,” he said.

Knox’s biggest claim to fame is Passportal, a password security and documentation management solution that he sold to SolarWinds MSP in 2019.

“We created Passportal at a time when many MSPs were embarking on trying to find a solution. We’d gone out and looked high and low and found a ton of enterprise or consumer grade products, but none that were suited for the mid-tier,” he said.

After posting several queries on platforms such as LinkedIn to find out what others were using to solve and manage passwords, without any luck, Knox decided to build it on his own. Passportal came at a time when several MSPs had no answer for challenging issues such as compliance audits, or even for matters as simple as a password change when an employee leaves the organization.

Those LinkedIn queries then drew several replies from other interested parties wanting to know if Knox and XCEL had found anything. Knox saw an opportunity and created Passportal in 2011. With zero marketing effort, he got more than 300 MSPs to use it almost instantly. At the time of the SolarWinds MSP acquisition, more than 2,000 MSPs were using Passportal worldwide.

Knox credits entrepreneurs such as Robert Herjavec of Dragons’ Den fame and Apple co-founder Steve Jobs for his inspiration as an entrepreneur. Knox said that without having read Herjavec’s book Driven: How to Succeed in Business and In Life, he would never have started XCEL. “Herjavec’s story showed me that I could build an IT business in Canada.”

As for Jobs, several of his career case studies gave Knox the confidence to know that a small, gritty team can be world class and create solutions that can be used by the masses.

Also, during the Jolera Interview Series, Knox described what his experience was like starting Gradient MSP during a worldwide pandemic as well as what entrepreneurs can learn from failure.

 

Partnering with a Managed Service Provider: What to Consider?


For many small or medium-sized businesses, as well as emerging start-ups that do not have the capacity to manage their own Information Technology infrastructure, a Managed Service Provider is a great solution. An MSP (Managed Service Provider) is a third-party company that remotely manages a company’s IT infrastructure and performs day-to-day management services. With so many MSPs globally available today, it is important for a business to first consider some critical questions before choosing the right MSP to partner with.

1. At what point should your services be managed by an MSP rather than in-house?

The first step is to determine what services are actually worth having managed by a third party. If a company has fewer than ten computer users, it may actually be more cost-effective to do all services in-house. However, if a company is scaling and has over two hundred end users and is still in the process of growing, most services should be managed by an MSP to enhance productivity and cost-effectiveness for the business.

2. What competitive advantage does the MSP offer?

What differentiates the Managed Service Provider that you are considering? Is it their extremely well reviewed customer service and 24-hour support, or the low cost? Or is the MSP more costly but more committed to the latest technological upgrades and constant improvement? Companies should determine what is most important to them at their stage of growth and choose an MSP according to that specific competitive advantage.

3. Does the MSP offer after-hours or onsite support in the case of an emergency?

Depending on where your company is located globally, natural disasters could be a serious risk for your IT infrastructure. Your company could also be a victim of a data breach. No matter what the worst-case scenario is for your business, it is a huge bonus for the Managed Service Provider to offer immediate and onsite support at all times in case of any emergencies. If your company is in an area more at risk of a natural disaster, it is important to determine which providers include on-site support as some only offer remote guidance.

4. Does the MSP offer an all-inclusive support plan?

An All-Inclusive support plan works out to the benefit of both parties; the MSP and the company using their services. A flat-fee arrangement motivates the MSP to perform quickly, whereas an hourly billing service may not be ideal for a starting company strapped for cash.
Make sure you are fully aware of what is included in the all-inclusive service plan. Some examples of services to look for include:

Choosing a Managed Service Provider is an exciting step to take, but one not to take lightly. The right provider can tremendously help your business improve technological efficiency. It is important for any company no matter how small or big to do proper research and consider the above essentials to make an informed decision.

By: Joanna Ambros, MBA

How Companies should React when a Ransomware Attack Occurs


Imagine the following worst-case scenario: your company has taken the right steps to protect its employees, customers and data from cyber-attacks, and yet a ransomware attack still occurred. Now what? It happens; no company is fully safe from today’s rising cases of cyber-attacks and data breaches. Even with the most secure platforms, hackers may find discerning ways to infiltrate the system. How a company reacts in the first few hours and days following a cyber-attack is crucial.

First Step: Recognizing the signs of a data breach

Employees must be educated and empowered to immediately inform their IT department if they suspect a ransomware attack has occurred. Employees may feel guilty and embarrassed if they believe they are at fault for letting a data breach happen. However, if the threat is not addressed immediately, the consequences could be more severe. The best form of damage control is to respond to a security threat immediately. Signs of a data breach include but are not limited to:

  • Locked accounts or changed user credentials
  • Missing funds or assets
  • New suspicious or unknown files
  • Reduced Internet speed

Next: Determine and isolate the systems impacted.

Early on, only a few computers may be affected in the attack. In this case, it is crucial to disconnect the affected hardware from the system. The network should then be taken entirely offline. If the network cannot be taken offline, all devices should be powered down. It is important to note, however, that in that case you may lose some evidence of the attack which would be beneficial for the authorities. The best course of action is therefore to take the entire network offline at the switch level. Once damage control is done, the company may begin restoring critically important systems based on priority level.

Final Steps: Engage the right stakeholders

Depending on where your company is located, you may want to contact the FBI or the police once the first step is complete and the affected systems are isolated. It is important for your IT department to identify what information the hackers may have infiltrated so that the authorities can try to salvage the situation accordingly. If the hackers ask for a ransom, do not attempt to pay them right away but rather let the professionals handle it. The majority of the time, even if a ransom is paid, data has already been stolen or compromised. The next relevant stakeholders to contact would include managed security service providers, your cyber insurance company, and the board of directors and other developmental leaders.

Lastly, your company will need to find a proper way to disclose its data breach to either the public or simply just the affected customers; this will depend on the impact of the attack and how many potential customers’ data was affected. Your communication department can handle this appropriately. Customers whose data has been compromised need to be informed right away. Although loss of trust from customers is a serious consequence of ransomware attacks, if handled appropriately, it is possible for a business to rebuild itself and regain trust from the public.

 

By: Joanna Ambros, MBA