SECURING A FAILING & VULNERABLE IT ENVIRONMENT
A CYBER SECURITY CASE STUDY
Our client was attacked by a highly sophisticated foreign entity on a weekend morning. The systems were in the process of being encrypted but an employee noticed the unusual activity and literally unplugged their systems, stopping the encryption. inSync had been helping with custom software support, but our network engineers were asked to come in to audit & evaluate their systems.
THE SECURITY AUDIT
We audited their extensive IT infrastructure at five different facilities, and presented our findings to their C-level staff. Our audit results concluded:
No backups, local or remote;
Failing infrastructure including servers, switches...;
No antivirus protection on 225 machines including desktops, laptops, servers…resulting in a phishing attack;
Poor on & offboarding procedures of personnel resulting in significant O365 overbillings;
Inadequate digital file storage & backups of intellectual property.
Based on our results & recommendations, our client made a substantial IT infrastructure investment to protect, secure & stabilize their corporate environment.
Our client also laid off their 4-member senior in-house team & engaged one of our highly knowledgeable & experienced senior engineers. With the substantial investment in their infrastructure, there was an incremental decrease in the labor needed to maintain their environment, reducing the hours from a collective 160 hours per week to 20 hours.
THE PRIORITIES, THE PROCESS, & THE INVESTMENT
1st: Secure their IT Infrastructure
Purchased & Installed Palo Alto Firewalls
Our first priority was to purchase, install, activate all licenses & subscriptions for, & configure the Palo Alto firewalls. This is an enterprise cybersecurity platform which provides network security, cloud security, endpoint protection, and cloud-delivered security services. The firewalls also allowed site-to-site connections & VPN for secure remote connection.
2nd: Back Up Servers Locally & Remotely
There were no server backups of data/applications, or of their media. Backups are crucial to protect data in case of a system crash, data corruption, hard drive failure, ransomware attack... We recommended Veeam Software, an industry-leading backup, recovery & replication software. The client also purchased new NAS drives to back up data locally & at one of their remote locations. We also recommended an automated cloud backup to provide daily offsite backup. Altogether there are 3 redundant daily backups completed - locally, at one of their remote locations, and in the Cloud.
3rd: Manage Office 365 to Minimize Cost
Our client's email server had a catastrophic failure & their Exchange server was not backed up. Their email was down for a number of days and was eventually migrated to Microsoft 365, resulting in a fairly significant impact on recurring overhead: $8,000/month.
inSync would present the costs versus benefits of an Exchange solution versus Microsoft 365 because the company had 500 employees & O365 costs get prohibitive. And from our viewpoint, O365 doesn't eliminate problems - it just introduces different problems. To keep your monthly cost to a minimum, managing your monthly Microsoft 365 licensing should be a priority as part of your onboarding & offboarding process.
4th: Barracuda - Additional Protection for O365 Clients
Prior to our engagement, our client was hit with a very sophisticated phishing scam which resulted in $500,000 of losses. This particular client had a vendor that did a significant amount of business with them. The vendor's email had been hijacked. The hacker sent an email to the Accounts Payable clerk & told her there was a change in banks. The clerk said she would need this on company letterhead. The hacker provided the information on letterhead via email. The vendor's invoices were paid to this hacker's bank account for a loss of $500,000.
For Microsoft 365 clients, we always recommend the additional protection that Barracuda Essentials Complete provides with advanced email security, backup archiving & compliance. Because it archives all email, SharePoint & OneDrive, it allows a step down in licensing as well. Barracuda Essentials Complete includes:
Virus scanning and filtering
Email-borne malware protection
Archiving for compliance
Automatic encrypted emails
Email, SharePoint and OneDrive backup
Advanced threat protection
We also recommended a software solution for phishing awareness & training for employees, which they did.
5th: StarWind Cluster Solution to Replace Aging Servers
Our client's corporate IT infrastructure was failing & aged out. 20 of the 22 physical servers were not under warranty, & 18 of the 22 servers were 7 years or older. All of these servers were a single point of failure. Microsoft's monthly security updates were not being done because of the fragility of their equipment. And some of their servers had operating systems that were end-of-life & required upgrading.
We recommended a cluster solution with 3 servers for redundancy, and the necessary Microsoft licensing.
Cost: StarWind 3-Server Cluster Solution $117,142
6th: SQL Server Replication
Our client's SQL Server is mission critical & has 40 distinct databases which require 24/7 uptime. It is a single point of failure. The SQL Server went down for at least a half hour & it was not the first time it has gone down. Our engineer believes it may be faulty memory but, in order to properly diagnose, Dell needs to run tests with the server offline. Since it is crucial to operations, Dell is unable to perform the tests.
inSync recommended that a new server be the primary server & the existing server be used as a replication target.
Cost: New SQL Server including hardware & software $104,749
7th: Qumulo Solution for Media & Artwork
Our client owned 150 TB of custom artwork & media, intellectual property, that was hosted on 2 NAS drives, with no backup & warranties expiring in 2021. 300 graphic designers were competing for network & storage resources to work on large graphics files, which was extremely slow & time consuming - finding the appropriate files & waiting for them to load.
We presented an enterprise storage system proposal to solve these challenges: an enterprise-class system that eliminates management complexity, provides data integrity and recoverability, and delivers optimal performance and reliability.
Cost: Qumulo Hardware & Software Solution $184,401
Their IT infrastructure is now secure, protected, backed up & healthy.