SECURING A FAILING & VULNERABLE IT ENVIRONMENT
A CYBER SECURITY CASE STUDY
The Cyber Attack
Our client was attacked by a highly sophisticated foreign entity on a weekend morning. The systems were in the process of being encrypted, but an employee noticed the unusual activity and literally unplugged their systems, stopping the encryption.
inSync had been helping with custom software support, but our network engineers were asked to come in to audit & evaluate their systems.
The IT Infrastructure Audit
We audited their extensive IT infrastructure at five different facilities, and presented our findings to their C-level staff. Our audit results concluded:
No backups, local or remote;
Failing infrastructure including servers, switches...;
No antivirus protection on 225 machines including desktops, laptops, servers…resulting in a phishing attack;
Poor onboarding & offboarding procedures for personnel, resulting in significant O365 overbillings;
Inadequate digital file storage & backups of intellectual property.
Based on our IT audit results & recommendations:
Our client made a substantial IT infrastructure investment to protect, secure & stabilize their corporate environment. The executive committee laid off their 4-member senior in-house team & replaced them with one of our knowledgeable & experienced senior engineers.
1st: Secure their IT Infrastructure
Purchased & Installed Palo Alto Firewalls
Our first priority was to purchase, install & configure the Palo Alto firewalls, and to activate all licenses & subscriptions. This is an enterprise cybersecurity platform which provides network security, cloud security, endpoint protection, and cloud-delivered security services. The firewalls also allowed site-to-site connections & VPN for secure remote connection.
2nd: Back Up Servers Locally & Remotely
There were no server backups of data/applications, or of their media. Backups are crucial to protect data in case of a system crash, data corruption, hard drive failure, ransomware attack... We recommended Veeam Software, an industry-leading backup, recovery & replication software. The client also purchased new NAS drives to back up data locally & at one of their remote locations.
We also recommended an automated Cloud backup that was air-gapped & immutable, to provide daily offsite backup. This solution protects the data from cyber attacks such as ransomware. Altogether there are 3 redundant daily backups completed: locally, at one of their remote locations, and in the Cloud.
3rd: Manage Office 365 to Minimize Cost
Our client's email server had a catastrophic failure & their Exchange server was not backed up. Their email was down for a number of days and was eventually migrated to Microsoft 365.
4th: Barracuda - Additional Protection for O365 Clients
Prior to our engagement, our client was hit with a very sophisticated phishing scam which resulted in $500,000 of losses. This particular client had a vendor that did a significant amount of business with them. The vendor's email had been hijacked. The hacker sent an email to the Accounts Payable clerk & told her there was a change in banks. The clerk said she would need this on company letterhead. The hacker provided the information on letterhead via email. The vendor's invoices were paid to this hacker's bank account for a loss of $500,000.
For Microsoft 365 clients, we always recommend the additional protection that Barracuda Essentials Complete provides: advanced email security, backup, archiving & compliance. Because it archives all email, SharePoint & OneDrive, it allows a step down in licensing as well. Barracuda Essentials Complete includes:
Virus scanning and filtering
Email-borne malware protection
Archiving for compliance
Automatic encrypted emails
Email, SharePoint and OneDrive backup
Advanced threat protection
We also recommended a software solution for phishing awareness & training for employees, which they implemented.
5th: StarWind Cluster Solution to Replace Aging Servers
Our client's corporate IT infrastructure was failing & aged out. 20 of the 22 physical servers were not under warranty, & 18 of the 22 servers were 7 years or older. All of these servers were a single point of failure. Microsoft's monthly security updates were not being done because of the fragility of their equipment. And some of their servers had operating systems that were end-of-life & required upgrading.
We recommended a cluster solution with 3 servers for redundancy, and the necessary Microsoft licensing.
Cost: StarWind 3-Server Cluster Solution $117,142
6th: SQL Server Replication
Our client's SQL Server is mission critical & has 40 distinct databases which require 24/7 uptime. It is a single point of failure. The SQL Server went down for at least a half hour & it was not the first time it has gone down. Our engineer believes it may be faulty memory but, in order to properly diagnose, Dell needs to run tests with the server offline. Since it is crucial to operations, Dell is unable to perform the tests.
inSync recommended that the new server be the primary server & the existing server be used as a replication target.
Cost: New SQL Server including hardware & software $104,749
Their IT infrastructure is now secure, protected, backed up & healthy.