Floods, fires, and power outages can happen around the clock. A cybersecurity incident is no different. Case in point: an intruder targeted RJ2 Technologies at 3:30 AM on a Saturday, said Heather Simek, vice president of the Schaumburg, Ill.-based MSP.
In the middle of the night, hackers encrypted servers on both the MSP and customer sides. The intruders also deleted the backup and disaster recovery across the board, including cloud backups, said Simek, who shared her story with other MSPs during the ChannelCon 2022 panel “I’ve Been Compromised! Now What?”
“There was no history. We were starting from scratch,” said Simek. While the team did have an extremely high-level incident response plan in place, it had gaps they always meant to fill in but never did. Instead of a nice clean backup to start with, they were scrambling.
Partner vendors were also unprepared, working with a skeleton crew and slow to respond. In hindsight, Simek would have wanted more than a rough idea of what to do during an incident response.
“There were a lot of holes, holes that nobody thought of,” said Simek.
Having a plan for a potential disaster is one thing, but practicing it is another. Practice gives you opportunities to find the types of gaps Simek and her team experienced. Practice also gives you a chance to talk to your partners about how they respond to disaster. “Find out what their plan is because you might see a hole there that they may not see,” Simek said.
In Simek’s case, the vendor had the key to a clean backup, and Simek’s team was able to download it from the secondary to the primary cloud. With that break the MSP was able to spin up some servers and get the data back down from the cloud—a process that ended up taking weeks.
Practicing Overrides Overwhelm
There are hundreds of things to do during a cybersecurity incident, and prioritizing them in the moment is almost impossible. People without a plan can make similar mistakes: blanking out, wasting time and burning out from unfocused panic. The intensity, the stressors, the spike in cortisol: all of those physiological responses are normal in a high-stress situation.
“Your brain is going to try to put you into survival mode,” said Edlin Garcia, a Ph.D. student studying mental health and IT professions at Indiana University. “If your response is, ‘I don’t want to take care of this right now,’ that’s your brain trying to protect you.”
Continue reading: https://connect.comptia.org/blog/why-practice-should-be-part-of-your-incident-response-routine