Earlier this year, an attack was carried out against IT service providers. This attack was so damaging that the Department of Homeland Security and FBI Cyber Unit issued high priority alerts. It was the kind of attack that IT providers dread…and it quickly revealed who among them was prepared and who was not.
In this attack, hackers targeted a customer management tool used by a very large number of IT companies, Connectwise, with ransomware. The result? Thousands of IT companies were locked out of their clients’ systems (and their own), creating massive downtime and data loss for everyone involved.
Of course, the hackers demanded a ransom to unlock these systems. In this case, the ransoms totaled well over $2 million.
How Did the Connectwise/Kaseya Attack Happen?
Believe it or not, the attacks did not affect IT providers who kept their systems updated.
The security vulnerability that allowed for this attack was discovered back in 2017 by Connectwise. The flaw existed in its plugin for Kaseya, a remote management tool, which allowed its servers to be accessed without providing identification. Connectwise subsequently released a patch and filled the security gap.
However, we know now that hundreds of Connectwise users did not deploy the patch. IT companies, ostensibly staffed with cybersecurity professionals, left the door wide open for years.
A crucial mistake on their part, certainly. But it was their clients who ended up with disruption, downtime, and lost data.
How could this have been prevented?
The answer is obvious at first glance: keep your systems up-to-date. IT professionals are quick to hand out this advice, but it’s clear that many are not following it themselves.
This is where the culture and operational maturity of the IT company you choose to work with comes into play. It’s easy to imagine that small or disorganized “start-up” IT companies might miss something like this, but established IT providers with codified procedures should not.
Your IT provider should take security very seriously — it’s your business on the line, after all. This stance should permeate their entire organization.
NCC is dedicated to providing the best cybersecurity solutions, and that dedication resonates through our company from top to bottom. The level of professionalism required to keep our clients safe in a high-risk landscape is part of our recruitment and training process.
Is your IT provider doing what’s necessary?
IT companies face hundreds of cyber attacks each and every day. We are considered “target rich” by hackers, because gaining access to an IT provider often means access to their entire client list.
What do we do to make sure hackers are not victimizing us or our clients?
- Layered Security Stacks
- 24/7 Threat Monitoring
- Regular Compliance Auditing
- Anti-virus Protection
- Anti-spam Protection
- On-Site Training
- Web Filtering
It’s important to ask your IT provider about their approach to cybersecurity.
Are they serious about your security, or are they just putting on a good show? Do they have processes in place to ensure continuous security? Can they show you the solutions and layers in their security stack that you’re trusting to protect your business?
If your IT provider can’t answer these questions quickly and to your satisfaction, you could be gambling with a company who is incapable of providing the level of security needed in the current landscape. Rather than leave it up to chance, let us show you how we protect ourselves and our clients.