From reports of numerous former employees, Kaseya leaders knew of and failed to address cybersecurity concerns going back to 2017 (Kaseya Failed to Address Security Before the Hack). Unfortunately, as a result, 1500 managed service providers and possibly more, experienced significant disruptions due to the ransomware attack.
For those 1500+ companies, the million-dollar, or in this case the $70 million Bitcoin, question is – Were there early indicators that, if known, could have prevented the disruptions?
Cyberattacks, like the Kaseya ransomware attack, are often the result of a cascading risk scenario. They originate in a seemingly unrelated area, but like a domino effect, these risks topple over and spread their influence, increasing in intensity with devastating effects.
To illustrate this point, there were early indicators, including the previous ransomware attacks that occurred between 2018 and 2019:
- Employee attrition – Reportedly employees quit over frustration that new features and products were being prioritised over fixing cyber susceptibility issues
- Negative employee ratings – As evidenced by many social media posts from current and former employees going back to 2015, the working environment was not considered employee friendly
- Location risk – Software development positions previously in the US were outsourced to Belarus. Belarus is flagged as a high-risk location with known governance, IP, cybersecurity risks and more. Its close political allegiance with the Russian government presents a significant security concern.
The key to mitigating cascading risks is to take proactive steps to intervene early, but to do so requires early warning of trouble. How do you accomplish this?
Through continuous risk intelligence from a solution that monitors for changes across the entire risk landscape, beyond cyber to include financial, people, compliance, governance, operations, location, Nth party risks and more.
Best Practices: Continuous Full-stack Monitoring Beyond Cyber
The best defense against cascading risks and disruption avoidance is a proactive approach that leverages early warnings to mitigate or even avoid disruptions. This requires continuous risk intelligence from a solution that is always-on and monitoring for changes across the entire risk landscape. Full-stack monitoring goes beyond cyber to include financial, people, compliance, governance, operations, location, environmental, social, Nth party risks and more.
Supply Wisdom is the market leading patented, continuous, always-on, full-stack risk intelligence solution that provides our clients with the early warning necessary to mitigate risks before they cascade into cyber vulnerabilities.
Our continuous, near real-time, no noise, Intelligent Risk Alerts, provide the early warning and expert disruption avoidance guidance that enables risk management and the business to take proactive steps to mitigate cascading risks with the potential to increase cyber susceptibilities and the risk of cyber-attacks.
I’m sharing a link to the resource the Supply Wisdom team created for our clients dealing with the Kaseya attack here. It contains updates on the attack and recommendations outlining:
- Steps to resume VSA servers and connecting to the internet
- Fixed vulnerabilities
- Implementation of additional security measures
- Maintaining business continuity and resilience amid increased cyberattacks
We launch an incident management hyper-monitoring and cascading risk review like this each time a major disruption occurs and share that with our clients. I hope you find this resource useful.
For further reading on why cascading risk requires continuous monitoring across a wider risk aperture beyond cyber, I recommend this article published in Security Magazine. I hope you find it insightful.
Want to see Supply Wisdom in action?
We’d be happy to set up a demo so we can share how Supply Wisdom’s unique, continuous full-stack monitoring solution can enable your enterprise to improve resiliency in the face of ever-increasing cyber-attacks and other business disruptions.
Simply call DVV Solutions on +44 (0) 161 476 8700 or complete our Contact Form.
About The Author
John Bree is Chief Evangelist and CRO of Supply Wisdom and Neo Group. Prior to joining Supply Wisdom, John held senior positions in New York, Tokyo, Singapore and London for Citi and Deutsche Bank covering corporate, investment, commercial and consumer banking operations. John has delivered cost efficient and operationally effective programs across the globe, ensuring compliance with local and global regulatory requirements. John is also long-standing member of the US and UK Steering Committees and Co-Chair of the Financial Industry Vertical Strategy Group.