
Last Updated on December 22, 2021

The story that follows, told by our partner wekos, an MSP focused on IT resiliency, is perfect for the season, as it is a Christmas story. Like most Christmas stories, normalcy is interrupted when a challenge is presented, and the story ends in a win-win situation. In this case, the result was a win for our mutual client—and that’s “Happy Holidays” for all concerned.

As background for the story, we think it is important to share that it is nearly impossible for any organization to be an expert on all things. Our expertise at Pivot Point Security is information security and privacy. Many MSPs, whether they offer security services or not, benefit greatly from the ability to leverage a pure-play information security partner’s expertise on behalf of their clients. Pivot Point Security has many such MSP partners in our trusted ecosystem, one of our favorites being wekos.

Here’s what happened, as told by wekos:

The Challenge: Xmas Cyber Attack!

In December of 2019, on the day after Xmas, <Our Customer> was attacked. The customer alerted us that a ransomware attack had occurred and that several workstations and the primary datastore had been compromised. A team was quickly mobilized, as the customer had been completely brought down to an inoperable state. wekos was not providing any security services or monitoring at the time other than annual vulnerability and penetration testing.

Solution #1: Disaster Recovery & Business Continuity Management

However, wekos was providing disaster recovery as a service (DRaaS) for their data, along with onsite IT consulting services. This made us critical for data restoration.  Our first step was to restore data that had been encrypted.  Once the production servers were spun up in our offsite datacenter, we began scanning the affected environment and determined where the ransomware instance resided. We incorporated the use of multiple team members (cyber analysts and data backup specialists). We were able to restore the client back to production within a couple of days and introduce our additional security services to further protect the environment. 

Solution #2: Managed End Point Security, SIEM

We installed the Comodo Suite of products on each of their endpoints to increase protection against crypto locking and additional malware. As we continued to build trust with the customer, we introduced a SIEM solution which monitors the environment on a 24×7 basis.  This protects against anomalous behavior by alerting the wekos SOC for mitigation, collecting data via Syslog for forensics and auditing requirements, and providing reports.

Solution #3: vCISO

As time passed, the customer was being required by partners and clients to complete security questionnaires and surveys. This was exposing gaps in their security posture, specifically the ISO 9001 [Quality Management System] requirement that the customer was trying to achieve. The customer reached out to wekos for a reference vCISO partner that could provide direction in helping them achieve an ISO 9001 certification. wekos referred Pivot Point Security to come in and assist with an audit and review of the current environment and assist with achieving their goals. Recently the customer has asked wekos for additional protection for their email since they have been migrating to an MS365 environment. wekos is assisting in implementing Sentinel 1 as an additional layer of protection.

Even after bouncing back from the holiday ransomware attack, wekos’ customer knew they needed additional security skills, as their clients and business partners were asking them to demonstrate a robust security posture. Further, staying competitive in their market meant they needed to achieve ISO 9001 certification, which had security implications. The best approach was to take advantage of Pivot Point Security’s virtual CISO (vCISO) service to “gap assess” their current environment, move their security policies and controls forward, and bring them to ISO 9001 certification as efficiently as possible over a significant timeframe (one year plus). The vCISO’s broad knowledge of the latest security best practices and technologies has been critical to success, as options are constantly evolving.

Further, wekos’ vCISO can tap Virtual Security Team members to help implement solutions. For example, when wekos’ customer chose to migrate to the AWS Cloud, Pivot Point Security provided an AWS Security SME to ensure they went about it the right way. As the joint customer proceeds with other security-sensitive initiatives, like Microsoft 365 migration and Payment Card Industry (PCI) certification, Pivot Point Security will provide additional resources on-demand.

The End Result:

The critical takeaway from this customer account, which probably applies to your organization and most others, is that security/privacy concerns can be part of an ongoing business strategy. With the combined resources and skillset of an MSP and Pivot Point Security, our mutual clients have the guidance to confidently tackle the expected as well as the unexpected.

What’s Next?

It’s our vision at Pivot Point to provide a clear picture for organizations we serve to enable the best business decisions. Your security strategy is a marathon, not a sprint. We’re ready to help you stay protected for the long haul. To speak with an expert on how robust security can become a strategic enabler for your business, contact Pivot Point Security.

Check out these related blog posts to learn more about a proven process for achieving and maintaining compliance:

Step 1 to “Provably Secure and Compliant” – Establish Your Vision – Pivot Point Security

3 Things Every SMB Needs to Become “Provably Secure and Compliant” – Pivot Point Security
