Two Ransomware Attacks. This company was long overdue for a comprehensive Security Assessment.
Region: Bay Area, California
Client Type: Enterprise
Client Size: >1000
Based in Northern California, this privately owned company has been an industry innovator for more than 50 years.
ZAG Technical Services, Inc. (ZAG) is an award-winning Bay Area IT consulting firm specializing in managed services, network infrastructure, security assessments, disaster recovery planning, and cloud computing services.
ZAG provides enterprise-class business solutions that enable clients to succeed by reducing IT costs, increasing productivity and ensuring security.
With offices in San Jose, Salinas and San Ramon, California, ZAG serves businesses throughout the Western United States.
ZAG Technical Services was called in to assess the security of the networks and systems of a Bay Area-based company after it had recovered from two ransomware events.
The ZAG security team used a combination of leading industry tools and techniques to evaluate and test the current state of the network. Interviews were held with key members of management and information technology staff to determine areas of needed improvement for the organization.
A number of issues were discovered during the course of our assessment. These included systems running end-of-life operating systems, inadequate patching of servers and workstations, and an under-resourced Information Technology department.
The ZAG team discussed the results with the customer prior to delivery of the formal report. This level of open communication between the ZAG team and the customer helps to ensure we can provide the best roadmap forward for the organization.
Our results were documented in a series of reports and presented to the customer for review. After reviewing the ZAG remediation priorities and options, the customer commented that the ZAG assessment was much more comprehensive and thorough than another recent vulnerability scan that had been performed by another vendor.
The ZAG team made a number of recommendations, both during the assessment phases and in the final report. A number of the recommendations made during the assessment were already underway by the time the final presentation was made. This included a key area: adding another Network Administrator to balance the workload of the team and share knowledge of the environment. The hiring process was underway by the time we presented the report.
Our recommendations included:
Change all passwords, especially those for accounts with privileged access, since the ransomware incidents may have compromised these credentials.
Rebuild all systems that were compromised by ransomware from a “golden” image.
Strengthen the password policy. Even with the deployment of multi-factor authentication, passwords should be changed at least twice a year.
Implement Cisco Umbrella to monitor and protect DNS traffic.
Review backup procedures and perform test restores to ensure that critical systems can be recovered.
Ensure that all systems, including test and development systems, run antivirus and are kept at timely patch levels.
Remove unnecessary or outdated software from the servers and workstations.
Conduct regular penetration tests to expose other vulnerabilities.
The ZAG security assessment illustrated not only the technical weaknesses, but the culture that allowed the weaknesses to persist and grow. Building a secure and resilient organization takes a commitment from everyone.
The partnership with ZAG is allowing the organization to complete projects that had previously been stuck “in-process” without completion. The process of measuring the organization against industry benchmarks helps to provide a roadmap to reduce the risk of additional attacks.