One Company, Two Ransomware Attacks. This company was long overdue for a comprehensive Security Assessment.
“Today, security problems are business problems. Technology solutions can discover vulnerabilities and close security holes. A proactive approach will improve productivity, lower costs and provide a competitive advantage.”
— Greg Gatzke, President, ZAG Technical Services
Situation
ZAG Technical Services was called in to assess the security of the networks and systems of a Bay Area based company after it had recovered from two ransomware events.
Solution
The ZAG security team used a combination of leading industry tools and techniques to evaluate and test the current state of the network. Interviews were held with key members of management and information technology staff to determine areas of needed improvement for the organization.
A number of issues were discovered during the course of our assessment. Issues included systems that were running end-of-life operating systems, inadequate patching of servers and workstations, and an under resourced Information Technology department.
The ZAG team discussed the results with the customer prior to delivery of the formal report. This level of consistent, open communication between the customer and ZAG helps to ensure we provide the best roadmap for the organization, while resolving any critical issues immediately.
Our results were documented in a series of reports and presented to the customer for review. After reviewing the ZAG remediation priorities and options, the customer commented on how the ZAG assessment was much more comprehensive and thorough than another recent vulnerability scan performed by another organization.
The ZAG team made a number of recommendations both during the assessment phases as well as in the final report. A number of the recommendations made were already underway or already completed by the time the report was presented. This included fixing urgent security vulnerabilities that needed to be addressed immediately.
Our recommendations included:
- Change all passwords especially accounts with privileged access since the ransomware incidents may have compromised these credentials.
- Rebuild all systems that were compromised by ransomware from a “golden” image.
- Strengthen the password policy. Even with the deployment of Multi Factor Authentication, passwords should be changed at least twice a year.
- Implement Cisco Umbrella to monitor and protect DNS traffic.
- Review backup procedures and preform test restores to ensure that critical systems can be recovered.
- Ensure all systems, including test systems, have antivirus and timely patches deployed.
- Remove unnecessary or outdated software from the servers and workstations.
- Conduct regular vulnerability tests to expose other risks.
Summary
The ZAG security assessment illustrated not only the technical weaknesses, but the culture that allowed the weaknesses to persist and grow. Building a secure and resilient organization takes a commitment from everyone.
Benefits
The partnership with ZAG is allowing the organization to complete projects that had previously been stuck “in-process” without completion. The process of measuring the organization against industry benchmarks, helps to provide a roadmap to reduce the risk of additional attacks.
Customer Profile
Customer: Anonymous
Customer size: Enterprise >1,000 employees
Country or region: United States
Industry: Manufacturing
Partner: ZAG Technical Services
Partner website: zagtech.flywheelstaging.com
Based in Northern California, this privately owned company has been an industry innovator for more than 50 years.
Introduction to Basic Cybersecurity Measures
Nine things you should can do to improve your network security:
- Change administrator user name
- Enable account lockouts
- Add web filtering software
- Patch systems on a timely basis
- Add antivirus everywhere
- Segment admin roles
- Enable server and PC firewalls
- Implement air gap backups
- Implement SAN with secure snapshots