Just as the pandemic impacted technology investment and brought to light the need to do some “spring cleaning on technology debt”, the corresponding quarantine has changed the way we view work, including how we resource, build, and organize teams for collaboration. All organizations, including Presidio, were forced to quickly adopt and adapt to a remote workforce, with a greater emphasis on human-centric approaches to managing worker productivity quickly overshadowing the traditional office-centric design.
Insight Blog
The truth is that you’re going to pay for cybersecurity one way or another. So, it’s better to invest now while the cost is much lower and more predictable. As a business owner, you have lots of projects vying for your time and money, and let’s face it, anything that’s not a revenue driver is easy to push to the bottom of the list. Unfortunately, cybersecurity too often falls into this category. Companies may tell themselves, “We already have security in place. We have a firewall; we have antivirus software; our critical applications are password-protected.” The reality is that you’re probably well aware that cyberattacks have exploded in the past 18 months, both in terms of frequency and seriousness. This year, for example, the damage costs from cybercrime are expected to reach $6 trillion, up from $3 trillion in 2015. To put this number in perspective, if it were measured as a country, cybercrime would be the world’s third-largest economy after the U.S. and China. In the past, data breaches were about data loss and the potential harm to the victim’s reputation. Today, however, we see attacks that result in significant operational delays and setbacks.
If the term endpoint security still evokes images of signature-based antivirus software, it’s time for a refresher on how critical this technology is to your organization. Time seemed to speed up over the past 18 months, with so many changes taking place in such a short period. For example, within the business world, digital transformation initiatives accelerated by seven years, according to a survey from McKinsey & Company. Besides the massive shift to remote work and new collaboration technologies, many companies had to update their security strategies.
In the blink of an eye, digital transformation leapt from to-do list item to daily lived reality for most companies. A global pandemic and its attendant business, social and personal consequences changed everyone’s plans, big and small. Ready or not, companies responded to a culture of social distancing by creating virtual workplaces on the fly. Suddenly the conceptual challenges of a digital business – access, resources, process, security considerations – have become extremely tangible. We collectively experienced a decade’s worth of technology adoption and business strategy executions in under two years. In the process, we have learned that digital business transformation is the ultimate challenge in change management because it impacts industry structures and strategic positioning—not to mention every task, activity and process within the organization.
While there’s no silver bullet to preventing a ransomware incident, following security experts’ recommendations will greatly reduce your vulnerability. Thousands of Americans experienced the trickle-down effect of a ransomware breach in early May following the Colonial Pipeline attack, which shut down the oil supplier’s operations and left many scrambling to find gas and waiting in huge lines when they did. The attack originated from DarkSide, a Russian-linked criminal group, who threatened to leak the utility provider’s sensitive data unless the company paid a $4.4 million ransom.
How you respond to a security incident can determine whether the problem gets fanned into flame or extinguished. When companies plan their cybersecurity strategies, there’s often a lot of time spent talking about and testing various security solutions, backup and disaster recovery tools and security awareness training options. All these actions are vital components to building a strong security posture, but they’re not the first thing companies should be thinking about. One of the most important foundational activities organizations tend to put off until it’s too late (i.e., post-incident) is creating a plan that details how your company would handle a security incident. While it might sound a bit defeatist to create a plan that assumes the security tools and services you’re about to invest in to prevent a security incident are going to fail, it’s not the case. First, not every security incident is a worst-case scenario like the Colonial Pipeline attack that resulted in a $5 million ransom payment. Often, an incident is something much smaller, such as a failed attempt to breach your defenses. The second point is that a small security incident can become a serious threat if the incident response isn’t handled properly. More on this point below.
These security missteps represent common low-hanging fruit attackers seek to infect companies with ransomware and other costly exploits. Before the pandemic, cloud adoption was already expanding rapidly, and it accelerated even faster once companies had to make urgent changes to their business operations. For example, the Flexera 2021 State of the Cloud Report found that 61% of companies made slightly higher-than-planned cloud investments and 29% made significantly higher-than-planned cloud investments in 2020. However, besides the overnight changes in how companies work, another area witnessed explosive growth: cyberattacks. According to a research study by Deep Instinct, ransomware attacks increased 435% in 2020 compared with 2019, and malware increased 358% during the same period. Additionally, the average ransomware payout has grown to nearly $234,000 per event, according to cybersecurity firm Coveware.
Like Maslow’s hierarchy of needs, the IT foundation – compute, storage, network – are the food, safety, psychological and self-actualizing resources needed to run applications and access data at a fundamental level. Without them, cloud is not achievable at the scale and performance level companies need on their digital journey. Still, we run into companies who question whether their existing foundation needs to be modernized at all. Let’s discuss why “Modernize the Foundation” is such an area of focus.
Imagine the following scenario for an online retailer: During a holiday weekend, the retailer sees a dramatic spike in site visitors after heavily promoting a sales event. On Tuesday morning, the sales and marketing teams meet to review the results. To everyone’s surprise, the spike in traffic resulted in very few sales. Interestingly, the report shows that many site visitors were deep into the sales process before abandoning their carts. For the rest of the week, the staff proposes several theories regarding why visitors didn’t complete their purchases.
Earlier this month, Russian-linked cybercriminal organization, REvil, launched the single biggest global ransomware attack on record. The breach infected thousands of victims in more than 17 countries and demanded $70 million in cryptocurrency to unscramble all the infected machines. What made this breach especially noteworthy was the specific conduit the criminals used to gain access to the victims: Kaseya VSA (virtual systems/server administrator), a remote monitoring and management (RMM) solution. RMM solutions are commonly used by managed services providers (MSPs) and managed security services providers (MSSPs) alike. What makes them particularly attractive to cybercriminals is that each MSP/MSSP breach has an enormous trickle-down effect. For example, CBS News reported that Swedish grocery chain Coop had to close most of its 800 stores for multiple days because the attack crippled their cash register software supplier. Thus, not only do these “one-to-many” attacks lead to more victims in a shorter period, but they also lead to bigger payoffs for the attackers.
