Looking at the recent Cyber Security Supply-Chain attack on Kaseya by REvil, it’s time we realize that Zero-Day attacks will always be a major threat and will continue to affect all businesses. We recommend a layered approach to Cyber Security resiliency, one that reduces the risk of being compromised and provides a faster response to minimize the damage.
Fortunately, this breach was limited to a small subsection of their clients that are on legacy (on-premise servers) instances of the Kaseya software. Our cloud version of the software was not affected in this breach and so none of our customers were affected.
We get approached by businesses every week that have been infected and encrypted with ransomware. Here are some of the lessons we’ve learned and how your business can be more defensive and properly prepared if something does happen.
Lessons learned:
- CLOUD BACKUPS: Backups are the most important preparation for a Ransomware attack. Understanding where your data is stored and how it is being backed up is critical. We’ve come across many businesses that had backups in place, but where these backups were being stored was not properly protected. Ultimately, these clients’ systems and backups were encrypted by the ransomware, leaving little to no options to restore business operations.
- DISTRIBUTED WORKFORCE: It used to be that company data was protected within a building behind a firewall. With Remote and Mobile workers now being the norm, protecting the endpoints (Computers, Cell phones, Tablets) is now critical. Whether you are in a coffee shop or at your staff’s home, your business computers are exposed to every other risk on that network. Do you know what sites your 12-year-old in the other room down the hall is accessing? Are they safe? What did they download?
- FIND THAT DEVICE: Don’t miss that one device. You need to know every computer and cell phone that has access to your data and protect them with layers of End-Point Protection and Management software. What computers are not receiving software updates? Which are not protected with Anti-virus and Anti-malware software? Which computers or cell phones are missing? Leaving one computer unprotected is like leaving the back door open for the criminals. Once inside, the bad guys have full control to steal and encrypt your data.
- MULTIFACTOR AUTHENTICATION: Usernames and passwords are no longer considered safe on their own. Multi-Factor authentication on EVERYTHING.
- EDR (End-Point Detection & Response) SOLUTION: Cybersecurity services now have the ability to monitor 24/7 for Zero-Day attacks and stop them from spreading through End-Point Detection and Response (EDR) software. The days of reviewing logs on Monday morning to see what happened on the network over the weekend are no longer acceptable.
- ONGOING CYBERSECURITY TRAINING: Serious staff Cybersecurity training. In many instances, the compromise starts with a malicious email that a user opens before opening an attachment or clicking on a link. If you can improve staff judgement through mandatory training and email phishing campaigns, you can substantially reduce your risk of compromise.
We remain committed to providing the best and most secure IT service to our clients, wrapped in fanatical customer service. We will leave no stone unturned to continue to deliver on that promise.
Best Regards,
Bill Meyer
COO, CISO, TeamLogic IT
Computer Service & Network Solutions