There’s one thing that you can count on in the news right now and that’s another report of a data breach or ransomware attack. They seem to be more and more frequent with the hackers demanding higher ransom amounts to have valuable company data returned. Recently, it was the Kaseya VSA remote monitoring and management platform that was hacked by the REvil ransomware group. It is estimated that this data breach affected around 800 to 1,500 companies.
Just to give you an idea of the number of attacks we are seeing, the US government HHS has already reported a total of 82 ransomware incidents worldwide as of the end of May 2021, with 48 of those incidents impacting the healthcare sector. According to the experts in a recent PBS report, not only is the number of ransomware attacks on the rise but the publicity around them has also increased in part due to the price of ransom that is demanded.
What should you do to avoid such an attack at your company?
The Cybersecurity Infrastructure and Security Agency (CISA) recommends that companies that use a Managed Security Provider (MSP) do the following:
- Download the Kaseya VSA Detection Tool. This tool analyzes a system (either VSA server or managed endpoint) and determines whether any indicators of compromise (IOCs) are present.
- Enable and enforce multi-factor authentication (MFA) on every single account that is under the control of the organization, and—to the maximum extent possible—enable and enforce MFA for customer-facing services.
- Implement allowlisting to limit communication with remote monitoring and management (RMM) capabilities to known IP address pairs, and/or
- Place administrative interfaces of RMM behind a virtual private network (VPN) or a firewall on a dedicated administrative network.
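One way to check that the allowlisting recommendation above is actually enforced is to audit firewall flow records against the permitted source/RMM IP address pairs. This is an added example, not code from CISA, Kaseya, or the original post; the log format, addresses, port, and function name are constructed assumptions.

```python
import ipaddress

# Assumptions for illustration: the RMM admin port and the permitted pairs.
RMM_PORTS = {443}
ALLOWED_PAIRS = [  # (permitted source network, RMM endpoint)
    ("198.51.100.10/32", "192.0.2.20/32"),  # MSP jump host -> RMM server
    ("10.20.0.0/24", "192.0.2.20/32"),      # admin VLAN -> RMM server
]

# Constructed sample records: "timestamp src dst dport action"
SAMPLE_FLOWS = """\
2021-07-06T10:00:01Z 198.51.100.10 192.0.2.20 443 ALLOW
2021-07-06T10:00:07Z 10.20.0.15 192.0.2.20 443 ALLOW
2021-07-06T10:01:12Z 203.0.113.77 192.0.2.20 443 ALLOW
2021-07-06T10:01:30Z 203.0.113.77 192.0.2.20 443 DENY
2021-07-06T10:02:02Z 10.30.4.9 192.0.2.20 443 ALLOW
2021-07-06T10:02:40Z 10.20.0.15 192.0.2.50 80 ALLOW
not-a-flow-record
"""


def audit_rmm_flows(flow_text, pairs=ALLOWED_PAIRS, ports=RMM_PORTS):
    """Return RMM-bound flows whose (src, dst) pair is not allowlisted."""
    compiled = [(ipaddress.ip_network(s), ipaddress.ip_network(d)) for s, d in pairs]
    findings = {"policy_gap": [], "blocked": [], "unparsed": []}
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        try:
            ts, src, dst, dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            findings["unparsed"].append(line)  # never silently drop bad records
            continue
        # Only traffic aimed at an RMM endpoint on an RMM port is in scope.
        if dport not in ports or not any(dst in d for _, d in compiled):
            continue
        if any(src in s and dst in d for s, d in compiled):
            continue  # known pair, nothing to report
        # ALLOW from an off-list source means the firewall rule is too broad;
        # DENY means the allowlist held against an off-list connection attempt.
        key = "policy_gap" if action.upper() == "ALLOW" else "blocked"
        findings[key].append((ts, str(src), str(dst)))
    return findings


if __name__ == "__main__":
    for kind, items in audit_rmm_flows(SAMPLE_FLOWS).items():
        print(kind, items)
```

Entries under `policy_gap` are the ones to act on first: they show the RMM interface accepted a connection from an address outside the known pairs.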
CISA and the FBI also recommend that all companies:
- Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network;
- Revert to a manual patch management process that follows vendor remediation guidance, including the installation of new patches as soon as they become available;
- Implement multi-factor authentication; and
- Implement the principle of least privilege on key network resources admin accounts.
If you are concerned about recent cyberattacks and want to learn more about protecting your business, here’s how the Ostendio MyVCM platform can help:
Manage your data using one platform - The best defense against any security threat is to exercise good security hygiene. Ostendio MyVCM is a single, integrated Cybersecurity and Risk Management platform that works in conjunction with all business operations to deliver perpetual security that's always on, always secure, and always auditable. Ostendio MyVCM becomes the primary organizational process for onboarding and offboarding employees; creating, approving, publishing, and distributing essential policies and procedures; distributing and assessing training; tracking and managing assets; setting up and managing recurring tasks; tracking and managing incidents; supporting change management; conducting internal and external assessments; and much more. Each Ostendio MyVCM module provides deep functional support for specific security and risk management domains. Used collaboratively they provide a fully Integrated Risk Management solution.
Know your risk - The best way to figure out where you are vulnerable is to have professionals run a risk assessment that will show you where your weaknesses lie so you can address them. The Ostendio MyVCM platform will not only help you conduct an effective risk assessment, but the Risk Management module will help you implement effective risk mitigations.
Employee security training & phishing simulation - The Ostendio MyVCM platform includes relevant data security training for all employees. Many recent hacks have occurred due to employee error, and phishing attacks are on the rise. By educating all employees about phishing and other types of cyberattacks, you will be taking a valuable step to protect your business.
Vendor Risk Assessment - Traditional vendor risk management has relied on static surveys that vendors complete and mail in. There is no way to validate the responses because the supporting documentation isn’t linked. Often, the information doesn’t stay current as vendors change their security programs, company requirements evolve, and regulations change over time. MyVCM Vendor Connect solves this problem by creating a living ecosystem of vendor assessments. Companies can invite vendors to create and maintain online records of their security and compliance readiness via assessments. Responses link to supporting documentation that is easily accessed and kept up to date. Companies can designate assessments to vendors based on specific regulations, or tailor them to their specific requirements.
In response to the latest Kaseya incident, the Security Analysts in the Ostendio Professional Services team have created a simple, standard assessment to assist Ostendio MyVCM customers with an investigative process. The Ostendio Customer Success team is also assisting customers with ways to use the MyVCM platform to ensure they have protected their organizations, as well as sharing best practices for using MyVCM Vendor Connect to require vendors to complete a similar risk assessment.