7 Key Takeaways From the Kaseya Ransomware Attack
By now you’ve seen the headlines about the Kaseya cyberattack – one of the largest ransomware events in history that unfolded over the 4th of July weekend. This attack, which targeted Kaseya’s remote monitoring and management tool for handling networks and endpoints, immediately caused a ripple effect across the IT supply chain, affecting roughly 50 Managed IT Service Providers and 800 – 1,500 of the small to medium-sized businesses that they serviced.
Unfortunately, this not only makes Kaseya the latest name to add to a growing list of high profile organizations such as Microsoft, Juniper, Solar Winds, the Colonial Pipeline, and many others to be breached, making makes it one of the largest. The cybercriminals responsible for the attack reportedly demanded upwards of $70 Million to restore the affected systems.
Rather than re-tell the story of what happened, which you can find from dozens of articles, like this one from ZDNet, we’d like to share a few insights all businesses should take away from the situation.
1 – It’s not a matter of if, but when
We sincerely hope the sheer volume of breaches seen in daily news feeds has every business realizing YOU WILL BE HIT AT SOME POINT. All the companies listed above had invested heavily in hardening their security posture before they were breached (and continue to do so), but the bad guys found a way in. Even small businesses that think they’re too small to matter to cybercriminals are targets.
2 – You need an incident response game plan
In Kaseya CEO’s response, he pointed out that only one of 27 of their modules was compromised because of the quick and decisive action they took when they realized what had happened. If they hadn’t had a response plan and acted according to it, the damage could have been far worse – for them and their customers.
3 – Cyber insurance is necessary – But not all policies are created equal
As stated above, eventually your network will be compromised. And even if you have an incident response plan that you follow by the book, you could experience financial repercussions. Cyber insurance can help you weather that storm. But like all insurance types, not all policies are created equal. Watch out for policies that are more interested in forensic reports to understand how it happened than getting your business back up and running. You can do both.
4 – Backups are your best friend in a breach
In every security incident, we’ve remediated, one of our first go-to actions is to evaluate the organization’s backups. If set up properly, following 3-2-1-0 backup best practices, the disaster recovery time is significantly reduced, and paying the ransomware is not even a consideration. However, if you don’t have a well-constructed, business continuity/data protection plan, a ransomware attack can be catastrophic for a business.
5 – If you don’t have a security roadmap, you need one
If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $6 trillion USD globally in 2021 — would be the world’s third-largest economy after the U.S. and China. For this reason alone, you need a well-documented, security roadmap that is discussed monthly (or even better weekly). In every breach remediation, we’ve worked on, the client would have saved thousands in remediation costs if they had some of the fundamental protections in place. Our 5 steps to strengthen security is a good place to start if you need help in doing this.
6 – Establish a culture of security
Unless your employees are all cybersecurity experts, they are by far your biggest liability. And even though this particular breach came through a different avenue, it doesn’t change the fact that over 90% of breaches originate with employees clicking on a phishing email. This is why strong passwords, multi-factor authentication, and building a culture of security that includes security awareness training is so crucial. We like to think of our employees as a human firewall.
7 – The pros of RMM outweigh the cons
As mentioned above, it’s not a matter of if you’ll experience a breach, it’s a matter of when. And because of this, you need reputable remote monitoring tools to manage your network – whether deployed by an MSP or yourself. The service of keeping endpoints and networks patched and up to date is absolutely critical in today’s world.
“According to a 2019 Security Boulevard study, 60% of breaches reported were
linked to patches that were available, but not yet applied.”
The point is that even though Kaseya and the MSPs affected may have lost the trust of their clients right now because of a vulnerability in their RMM tool, the service they have been providing has prevented criminals from exploiting unpatched networks for years. It took a very sophisticated, coordinated attack by a criminal organization to exploit this vulnerability. If your networks are unpatched, it doesn’t require near that level of effort or sophistication to get in and deliver a payload.