Client Corner #2: A Tale of Two Breaches

spying, eye, spy

We’ve been focusing on security the last few weeks. This week we want to specifically talk about breaches and with good reason.

This weekend, a ransomware attack shut down a major U.S. Gasoline Pipeline and even more recently another ransomware attack took down Ireland’s health care system.

These incidents show that cyberattacks are getting more sophisticated, and perhaps Colonial Pipeline and Ireland’s health care system did not have sufficient security to defend against such attacks.

Every organization has to decide where to mitigate risk and sometimes unfortunately not enough is done until after a breach has occurred.

Below are two cautionary tales that hopefully will help inform your leadership before you feel the pain of a breach.

Security Breach #1: A Compromised Email Account and a Lack of Urgency

The first client just signed up with us last month.

Before working with us, this client took a “DIY” approach to their IT.

As always, we support DIY if you or someone on your team has the IT experience and know-how.

The owner, however, had decided it was time to have someone with more experience take over the IT side of the business, which is where our partnership began.

To start, we moved the client’s Microsoft 365 licenses over to TechHouse.

The owner opted for a phased security approach; however, we discovered one mailbox had already been breached as soon as we transferred them over.

We locked it down right away, but unfortunately, the forensics were limited due to the lack of security tools in place at the time of the breach.

It’s not enough to configure your environment to protect you anymore. You must also make sure auditing is enabled, so if a hacker breaches your environment, you have the forensics to figure out when and how they got in.

We asked if the owner would like to accelerate their phased security roadmap, but they replied, “No, we’ll just hope nothing else comes up.”

Again, as a partner and consultant, we can only make recommendations to our clients, but a “hope and pray” approach to security is inadvisable, especially after a breach.

We enable auditing with our Security Hardening, and depending on your Microsoft licensing, there are different options available for auditing and activity logs.

We recommend every organization that chooses to partner with us start with a Security Hardening.

Security Breach #2: Impersonating an Executive from the Inside

One of our referring partners asked us to help a client of theirs last month, but the client had to cancel their meeting with us when they had found out they had been breached.

A hacker found their way into their system and compromised an executive’s email account.

The hacker then impersonated the executive without anyone else noticing.

Once the hacker had access to the account, they sent emails and set rules to delete them from the outbox immediately, so the victim never even knew they had been hacked.

This company didn’t find out until it was already too late.

The hacker ended up fraudulently wiring $250,000 from the company’s bank account to their own pockets.

This money, now lost to the company, will directly fund the hacker’s cybercrime operations to make matters worse.

A Proactive Approach to Security is Necessary to Prevent Breaches

Cyberthreats are real. Security breaches happen.

They are now in our daily news cycle and affecting the lives of ordinary people around the United States and the world.

If your company hasn’t been breached before, the threat may still feel like it’s “out there,” and cybersecurity isn’t something you need to worry about.

Trust us, you don’t want to wait until the threat feels real and your organization is compromised.

The only way to prevent attacks is to have a proactive cybersecurity plan in place.

Working with a partner is the best way to protect your organization (and heeding their advice).

If you have been breached or if you need a plan to prevent breaches from occurring, contact us today to see how we can help.