Promethean IT

View Original

On the Recent Kaseya Ransomware Attack

Kaseya, a developer of business IT solutions, announced earlier this month that cyber-criminals exploited a hole in its software code that infected as many as 1,500 businesses with ransomware. Like other recent high-profile security incidents, this was a sophisticated zero-day attack against Kaseya that turned into a "supply chain attack."

If you're a Promethean IT client, you don't have to worry because you weren't affected by this breach. Although we don't use Kaseya's software, we use remote device management tools that perform critical functions, like every managed service provider. These tools are essential for keeping devices up-to-date and running optimally. But as this incident reminds us, an efficient security program is more than just tools: It relies upon a holistic approach emphasizing people, culture, and business resiliency.

Uninterrupted business is always top of mind in everything Promethean does. We continually evaluate our cybersecurity tools, partners, and third-party supply chain so they're compliant with industry standards and frameworks. [1]

We use multiple tools to continuously cross-check that security controls and processes are in place, aligned, and up-to-date. We partner with cloud-native security platforms [2] to ensure a complete picture of our security posture, including cybersecurity framework alignment and continuous compliance. We automate testing based on adversary emulation, which allows us to further harden client endpoints and networks from unauthorized access via adversarial frameworks. [3]

We also realize that the human element is often one of the most neglected (but most essential) parts of an effective cybersecurity program. We help our clients build cybersecurity awareness within their organizations with the most effective training tools available (and we use their sneaky phishing tests to keep our staff sharp and on their toes). [4]

This holistic cybersecurity approach brings together peer-reviewed processes, leading-edge technology, experienced specialists, and a focus on business resilience. So you can serve your customers confidently, without interruption.

1 NIST, ISO, and SOC 2

2 JupiterOne

3 AttackIQ and ATT&CK

4 KnowBe4