Don’t be fooled into thinking your IT security is in order. It happens to the best. And it has happened to someone you know. They just don’t talk about it.
Below is a real case study shared by a TCA member who oversees a mid-size carrier headquartered east of the Mississippi.
The email came in stating we were under attack. All 30 servers were taken down and encrypted. Admin lost access to their Microsoft 365 accounts.
IT. WAS. TORTUROUS.
I am writing this anonymously today as I am still swimming on the deep end of the pool. I know you want to hear this from someone that has been through it. I recommend you also watch your vendor’s cybersecurity webinar that was sent to you last week. 2020 brought tremendous change to the cyber space. What you learned in 2019 isn’t enough to protect you in 2021. I was actively taking steps to improve our IT security and infrastructure. We had an IT audit. We were far from complacent. And still didn’t do enough.
The more I share my experience, the more I have learned how common this is. People are being told to stay quiet about these attacks to ensure there is no public embarrassment or customer recourse. This just gives the threat actor more victims. Every ransom paid gives them another reason to attack 10 more businesses. $26 Billion of cyber ransoms were paid in 2020. This only includes what was reported. The lockdown has caused attacks to skyrocket.
These attacks are happening daily and at all times of the day. We all have a target on our back. The bullseye is even larger if you received PPP funds. It is public record. They are going through the list.
I want to get this information and simple actions in the hands of decision makers.
Get Multi Factor Authentication (MFA) set up for all users
- Require MFA for email and server access
- Adding hurdles will defer them to an easier target
- MFA is included with Microsoft 365
- Yes, an end user will complain. Don’t let this be an excuse.
Purchase a cyber-policy if you don’t have one already
- Even with a policy, you don’t want to go through this
- Don’t wait for your insurance renewal. DO. IT. NOW.
- The insurance carrier will call out your shortcomings.
- Coverage denied? Fix your network vulnerabilities.
Test your system. Validate what you believe to be true.
- I thought our system was locked down to only countries we did business with
- Do your servers have MFA?
Test your backup.
- We backed up every four hours
- Segregate and protect the backup
- We had a non-Windows based backup that we successfully restored
Have you confirmed all servers are backing up?
- We had one that wasn’t. $20,000 was the cost to rebuild.
- Train your team on phishing emails
- Human error is your greatest weakness
- Do you have an action plan if this happens to you?
- Does your 2nd/3rd shift know what to do?
- Who will be your first call?
IT. IS. REAL.
It is by far the worst thing I’ve endured in my career. Take action. Verify. This is a fire you want to avoid rather than put out.