Posts

Lessons from the Rackspace Attack


On December 2, 2022, a ransomware attack on Rackspace disrupted email services for thousands of businesses.  The attack encrypted files throughout Rackspace’s Hosted Exchange environment, one of the largest in the world.  The outage impacts mostly small and midsize businesses (SMBs).  While Hosted Exchange is only 1% of Rackspace revenue, the incident was large enough to warrant a filing with the Securities and Exchange Commission. We can all learn lessons from the Rackspace attack with respect to cybersecurity and response.

Lessons from the Rackspace Attack

1 Incident Response Must Be Quick

In their SEC filing, Rackspace noted that their “… information security team had strong incident response protocols in place that led to the quick containment of the ransomware attack.”  They were able to limit the damage to the Hosted Exchange service, protecting other aspects of the company’s operations and other services.

For SMBs like ours, speed is also necessary. Quickly identifying an attack and isolating affected devices is critical. An infected laptop can spread the infection to servers and through files synced into cloud storage (e.g., OneDrive, Google Drive, Dropbox). From there, every connected device is vulnerable.

2 Recovery is Not a Sure Thing

Rackspace is NOT recovering customers’ Hosted Exchange service. The company is moving these customers to Microsoft 365.

Paying the ransom is not always possible. Paying a ransom does not guarantee that you get your data back.

3 Recovery is Difficult

As of December 12, 2022, a full 10 days after the attack, Rackspace disclosed that about two thirds of its customers have been transitioned to Microsoft 365. Nearly one third of customers remain without email service. Rackspace is effectively abandoning its Hosted Exchange service.

The logistics of identifying recoverable data and understanding interdependencies are complex. Managing data restoration across multiple devices, systems, and data sets is challenging. Some data will be lost. Understanding which data, and how much data, has been lost is challenging.

4 Recovery is Big and Slow

Rackspace has hired staff and contracted with many Microsoft Fast Track service providers. Even so, call wait times are still averaging about 30 minutes. Rackspace is setting expectations, repeatedly telling customers that data recovery will “necessarily take significant time”.

Starting with a clean system gets your systems up and running. How effectively can you run your business without your data? Data recovery takes time, even from backups. While emails may be relatively easy to live without, what is the impact if your accounting system is unavailable for days or weeks?

5 Recovery Needs Expertise

While Rackspace is a leading technology firm, they have hired outside firms to investigate the attack and remediate the incident.

Most IT firms servicing SMBs do not have the expertise or staff to respond to a cyber attack. Expertise and resources will be needed for investigations and forensics, data recovery, systems restoration, communications, regulatory reporting and compliance, and customer service.

6 Recovery is Expensive

Rackspace is actively promoting that it maintains sufficient cybersecurity insurance to cover the costs of the incident. Their SEC filing, however, does not indicate if or how they plan to compensate customers for their losses.

You will spend money … lots of money … beyond the cost of getting your data back, your systems restored, and your business back up and running. Regulatory filings, communication, legal services, and litigation can be a crushing burden that threatens. More than half of SMBs fail within six months of a significant cyber attack.

Steps You Can Take

Looking at the lessons from the Rackspace Attack informs how we should think about protecting our businesses and ensuring we can return to normal operations quickly and efficiently. Here are resources for you to learn more.

Earlier this year, we blogged about how Streamlining Security for SMBs can protect you from the most common and the most expensive types of cyber attacks without breaking your budget.  We held a webinar on the same subject.

Our Security CPR model outlines the three critical aspects of cyber security: communication/education, protection/prevention, and recovery/response. Our eBook, 15 Best Practices for Cyber Protection, dives into the model.

To discuss your security footprint, risks, and options, contact us by email, via our website, or by scheduling time directly with one of our Cloud Advisors.

Exchange Server Zero-Day Threat

On March 3, 2021, Microsoft issued an emergency Microsoft Exchange Server patch alert for multiple zero-day vulnerabilities that are being exploited by a nation-state affiliated group. The alert impacts on-premises Exchange Servers 2010, 2013, 2016, and 2019. Older editions are past end of life and do not receive security updates. Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments. The first priority is servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).

To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates, followed by the relevant security updates on each server.

The vulnerabilities and risk do not exist for any version of Microsoft Exchange Online. The risk does not impact any version of Microsoft 365 or Microsoft Office 365.

As discussed in past posts, one of the benefits of cloud-based solutions is the integrated management of the environment. You are not depending on how well your IT provider or staff keep up with maintaining your systems and your security updates. Moving your infrastructure to the cloud shifts the burden of maintenance and operations, letting your team focus on activities that help you run and grow your business.

Want to learn more? Contact us and schedule a complimentary Cloud Advisor session.

Cyber Protection Solutions for SMBs

As our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate.

Cyber Protection Needs

We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
    • Ensure your team understands the risk, educate them so they can avoid falling prey, and create a culture of security and data privacy.
  • Protect & Prevent
    • Leverage advanced and “next gen” technologies to prevent attacks and to protect your networks, systems, data, and people from attacks.
  • Recover & Respond
    • No system is perfect; make sure you can recover your data and systems, return to normal operations, and respond to the technical, legal, and communication challenges.

Successful Cyber Protection relies on your policies and procedures, technologies, and people working in sync. Across more than a dozen focus areas, you need to balance the level of protection you need with the costs and with the risks of not doing enough. You need to balance external requirements, such as government and industry regulations, with internal priorities.

Your Cyber Protection Solution

To design and implement an affordable, integrated, and effective cyber protection solution for your business, start with a Cyber Protection Assessment (CPA).  A CPA will assess your needs, within the context of your business, and preferred solutions across 15 areas of focus:

  • Written Information Security Plan
  • Patches and Updates
  • Email Encryption
  • Data Destruction
  • Background Checks
  • Written Information Response Plan
  • Antivirus and Intrusion Detection
  • Email and Web Security
  • Account and Identity Management
  • Employee Training
  • Firewalls
  • Backup / Continuity / Disaster Recovery
  • File Encryption
  • Network Access Security
  • Responsible Parties

Using the results of the Cyber Protection Assessment, you can plan and implement your levels of protection in each area to create the balance that is best for your business.

Next Steps and Resources

Your best next step is to contact us and discuss your cyber protection status and needs with one of our Cloud Advisors. Consider using our Cyber Protection Assessment to understand your needs, current protections, gaps, and priorities.


Risk and Reward – Protecting the Value of Your Business

Several weeks ago, in a town not far from our headquarters, a massive fire destroyed a building housing six small businesses. Our local business journal followed up a few weeks after the disaster with a poll asking business owners how prepared they are for a major disaster.

  • Fewer than 50% of responding business owners feel that they are fully insured, have an emergency plan, and could be up and running in a few days.
  • 39% feel that it could take a month or so, but they could eventually reopen
  • 17% felt they would be out of business or would require state and local aid to survive

While not a scientific sampling, the results are alarming.  Alarming for a few reasons:

  • Even with insurance, it can take days or weeks to get authorization so you can move forward with your emergency plan.  Securing a new location and replacing fixtures, inventory, etc. takes time, as does recovering computer systems and data.
  • More than 50% of businesses closed for 7 days due to a disaster fail within 6 months of reopening.  While many businesses might re-open in a month, the future will be challenging.

Your Risks are Yours

A major fire in a block of retail and service businesses creates specific challenges, as do storms and floods. Many more businesses, however, experience disasters equal or greater in scope even if they do not have the same level of physical damage. Some examples we have seen:

  • A distributor of customized office supplies lost all electronic business records for the past three years when they were hit by ransomware. The attack corrupted their on-site backup servers as well as their main file and database servers.
  • A news publisher lost all of their physical servers, firewalls, and networking equipment when a sprinkler head failed in their small equipment room.
  • A small plastics manufacturer lost the ability to use their process control systems when embedded Windows workstations were corrupted by a malware attack.

In each of these examples, businesses with customer commitments, production schedules, and deadlines were idled for days. For some, full recovery can take months.  Beyond the hard cost of recovering systems and data, these businesses suffered from soft cost losses.  Missed customer commitments, delayed invoicing and collections, and the time employees spent on the recovery effort all have lasting impacts on your business.

Business Continuity is not just a good idea, it is a responsibility.

As business owners, our employees, vendors, and customers count on us.  While people can empathize with the impact of a fire, there is less understanding for businesses that fall victim to cyber crime.  Malware, phishing, ransomware and other attacks are generally preventable when your team is alert and aware of the risks and when you put reasonable identity, data, and system protections in place. And since no protection is perfect, you need to be able to recover quickly enough for your business to continue operating smoothly.

Here is some food for thought:

  • Know Your RTO:  Understand how quickly your business needs to Return to Operational.  Maybe you can work on paper for a few days. Maybe you need to be up and running in a few hours because you are at a standstill until systems are back online. Your RTO goal will guide your decisions on what protection and recovery/continuity services are the right match for your needs and budget.
  • Assess Your Risk: Understand the different disaster scenarios and how they may impact your business.  Think about physical issues, such as loss of power and catastrophic system failures, as well as other disruptions, such as cyber attacks and potential actions by a disgruntled employee.
  • Watch Your Flank: Assess how different types of threats could impact your business. We are beyond hiding our computers behind firewalls. We still have physical threats, but we also have threats focused on networks, user identities, access control, third party services, and data sources and services. Each threat vector needs a plan for protection, response, and recovery.
  • Factor in Humanity: We used to talk about balancing security with ease of use. Today, the humanity equation is different as most IT disasters take advantage of human factors like our fundamental desire to be helpful when asked. In many ways, your team is your best defense. They need to understand the risks, the methods of manipulation, and the signs that something is not quite “right”. Your team needs to understand the value of inconveniences like multi-factor authentication and enhanced privacy and access controls — that these protect them as well as the company.

Your next step.

Contact us. It is time for a serious conversation about protecting the value of your business. A basic assessment of your business continuity profile will identify risks and gaps. From there, we can discuss improvements and their business value so you can make informed decisions that balance your risks, needs, and budget. Business Continuity solutions — from disaster prevention through recovery — do not need to bust your budget. For most businesses, changes in security settings on existing systems paired with modest, incremental services provide the protection and recoverability you need.

Cyber Threat Series Overview

Protecting your network, systems, apps, data, and people is no easy task as the scope and variety of attacks continues to multiply. You want and need protection, but must make smart buying decisions. Too little or too much means higher risk or unnecessary cost.

We see your business as a target not because we know cyber criminals have you in their sights, but because most cyber attacks throw a wide net and catch those who are unprepared. Appropriate measures to prevent, protect, and respond to cyber attacks have business value and should be part of your IT strategy and plans.

As a series of blog posts, this Cyber Threat Series intends to educate and inform. We will cover the types of risks and attacks and how to prevent them. We discuss solutions. We take a pragmatic approach that respects priorities and budgets.

Topics will include


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 
