We thought the international network security events of last week were incredibly interesting. Then on Monday morning the POMT team found itself front and centre in the fight against cyber crime, as our accounting system experienced an attempted hack and our email system was compromised. The compromise spread and affected our customers’ and, in turn, their customers’ email platforms.
Red faces aside, these events need to be aired and discussed; businesses need to learn and share information, including mitigation strategies. These events are a wake-up call to the once distant horizon at which we have arrived. Regardless of your size, industry, or influence, if you have a web-facing ‘anything’ you run the increasing risk of being compromised by viruses, malware, and the most destructive current threat, ransomware.
At POMT we have a crack IT team who manage security, network and workplace technology solutions for a number of organisations, including our own. Whilst our first response may have been a desire to run screaming from the building, cooler heads prevailed as the team initiated our disaster mitigation and recovery plan, which traverses predetermined stages, being ‘Identification’, ‘Interrogation’, ‘Isolation’ and ‘Mitigation’, followed by a ‘review and respond’ session.
The outcome of all this? We have now implemented internal activities to harden our security posture, which include:
- Implement an interim mail rule to block any incoming or outgoing mail that contains patterns matching the known threat
- Implement new security software across our fleet (laptop and mobile) and both our consumed and supplied cloud services
- Centralised Windows O/S patch management implementation
- Expedite our new network deployment that provides greater security (particularly from malware threats)
- Undertake forensic analysis of the infected machine(s)
- Further investigation of machine learning anti-virus offerings
Most interesting in these events was the team’s internal response time. Being a Cisco SPARK integrator and heavy user, the IT Team were able to spin up a room and invite the entire company in a matter of minutes. Instructional data was then circulated as it came to hand, which effectively became a news stream and supported collaboration efforts as the incident unfolded.
As the incident now subsides both here and abroad, it is comforting to hear from many who have had similar experiences recently and are willing to share information and support the common goal.
The business wishes to extend a sincere apology to all those who were affected by this attack and appreciates your understanding at this time.