Over the weekend another major crypto ransomware attack occurred, this time through an enterprise software vendor called Kaseya.
For many CEOs or business owners, that name might not be familiar, since many of the companies that use this software are Managed Service Providers (or MSPs). The MSP uses the Kaseya software to manage their client’s computers. This kind of attack allows the cyber criminals to maximize the damage by attacking not just one or two victims, but instead attacking one company that has connections to hundreds of other companies.
The technical details of the attack can be found here in this Threatpost article, Kaseya Patches Imminent After Zero-Day Exploits | Threatpost. If you have been impacted, you can track updates from Kaseya here on their website update link: Important Notice July 7th, 2021 – Kaseya
So what should you do if you have been impacted by this criminal attack? I’ve had similar considerations in my time as a security leader—here’s my take.
First, if you have cybersecurity insurance, hopefully you have called your insurance provider and you are working with them to obtain the necessary resources to get back up and running.
Second, once you have a minute to stop and think, review what other vendors you depend on to function as a company.
Do you have a payroll provider? If so, you will want to assess the maturity of their security program— perhaps by examining the results of an independent audit, such as a SOC Type II report, to see how they are protecting your data.
Do you have vendor partners who have access to your company network? If so, you want to review how they protect their networks from cybercriminals so that if they are attacked, you don’t become a victim as well.
Do you use an MSP to help you manage your computers? If so, you also want to understand the measures they take to protect you from cybercriminals. Do they require multi-factor authentication (MFA) to access your network? Do they regularly update their computers and network to prevent attacks by cybercriminals using known vulnerabilities? Are they doing the same types of risk reviews you are with their own third-party service providers and vendors? There’s a lot to consider when assessing the security of your supply chain. If you have questions about cybersecurity insurance, what a “SOC Type 2 audit” is and how to interpret the report, or how to know if your MSP is protecting your data, contact the CBTS Security practice.
John is a veteran technologist, CTO and CISO. He has nearly 30 years of experience building and running enterprise IT and shepherding information security programs towards maturity, based on industry standards like ISO27K and NIST CSF, as well as regulatory compliance requirements from PCI-DSS, HIPAA, FERPA, A133 and GDPR.
John has several GIAC certifications (GSEC, GCIH and GCWN) and has been active in the local information security community, through groups like Infragard and the Higher Education Security Council for EDUCAUSE. He holds BS and MA degrees from Xavier University and has served as an adjunct professor at Xavier and the University of Cincinnati.