Preparedness is only a starting point when it comes to cybersecurity. Hear two MSPs talk about the lessons they hope others can take from the cyber incident that sent their heads spinning. Boxer Mike Tyson said that everyone has a plan until they get punched in the mouth. That’s exactly how Robert Cioffi of Progressive Computing Inc. felt after experiencing a cybersecurity attack firsthand.
Jay Tipton of Technology Specialists and Cioffi opened up about their hacking experiences during a panel discussion at ChannelCon 2022. Cioffi stated that cybersecurity is a matter of being prepared.
“You can’t cover all permutations; we don’t possess infinite resources.” He said that you have to do enough to be prudent, and that you need to keep improving and trying again. “Experience is a great teacher.”
A Tale of Two Hacks
Wayne Selk, CompTIA’s vice-president of cybersecurity programs, hosted the panel discussion at CompTIA ChannelCon. He said that there was a headline-making July 4 cybersecurity breach that affected approximately 1,500 companies. While hackers demanded $70 million from their victims, Tipton and Cioffi spun out instead of diving in.
Cioffi stated, “I’m not a touchy-feely type of guy, and stress to me means something you deal with, but in that high-stress situation we were literally coming apart at the seams, in ways that are beyond my comprehension.” “Everybody in our company looked up to me as the guy who had all the answers, and I was staring into the abyss.”
He experienced stress that caused him to freeze, a common traumatic stress response. Tipton also faced the same problem. His problem-solving skills were not able to cope despite having a 100 priority list and an incident plan. Tipton stated that he couldn’t make a decision and couldn’t process the information. To get them to refocus and be ready to work on a solution, it took the support of cybersecurity community confidants.
Unexpected Challenges
Tipton had an incident plan, but it did not do him much good. The attack seized the only copy. Tipton stated, “Everything was on [the platform]. ‘What if it goes down?’ was something I didn’t think to consider. ‘What if it’s not there?’” Eventually, he remembered an uncorrupted backup and could access the plan. But he didn’t realize this until a full day later.
Cioffi was challenged to communicate the right message. He couldn’t understand the suggested language, so a breach coach helped him. “I said, ‘If I give them that legal talk, it’s going to be destroying 30 years of relationships.’” Even during a data breach, it’s important to maintain communication and manage business relationships.
Another thing that solution providers didn’t account for was the actual speed required to bring all data back online. Tipton stated that 16 terabytes were needed for one client. It took longer than expected to recover from the attack.
What MSPs can learn from getting punched
It’s been more than a year since the cybersecurity incident that sent Tipton and Cioffi spinning. They’ve had time since to regroup and use their experience to help other MSPs.
1. Multiple plans possible
Make sure that at least a few people are able to access both the general response plan and the more specific disaster recovery plan. Tipton stated, “It used to be that I was the only one who knew about the plan.” He has taken the responsibility off his shoulders and made hard copies of the incident recovery plan. These are kept in a safe location.
Data breaches are not the only reason for plans. Companies need plans to ensure business continuity, disaster recovery, and incident response: an ice storm could cause as much downtime as a cyber attack.
“Planning is important, but it’s not the ultimate goal,” Cioffi stated. “You need to create a process where you can take these out, and then use them.”
2. The Process is easy to do
You don’t have the time to think about an attack while you are managing it. You need to be able to do it in your sleep. A cyber attack can trigger a freeze response, as Cioffi and Tipton discovered. Selk said, “When the rubber meets the road, the stresses will kick in and you’ll go blank.”
Your entire team, from development to marketing and HR, should practice your plans.
Cioffi said, “We wasted a good three hours vacillating, calling the wrong people, and doing the wrong thing.” “Thankfully, we didn’t cause any harm to ourselves, but it would have been much easier to get on top of it sooner.”
3. Communicate Carefully
If you missed 10 Things You Didn’t See at ChannelCon, “breach”, the new four-letter word, is what you need to know. During a cybersecurity
