As some of you may have heard in the news, there was a major breach of software company Kaseya (that TriCore does NOT use) where attackers took a foothold in a very power module of the company’s management software due to known vulnerabilities in the on-premise software code. This allowed the attackers to run the Ransomware attack downstream to all of the computers managed within that software, and encrypt all data on those machines. This type of “Supply Chain Attack” is not new, however it is an attack vector that is growing in popularity due to its ability to reach so many systems downstream.
You’ve heard us talk about layers of security, and this is literally the only way to help guard against an attack like this. There is NO silver bullet, and there is NO magic potion that will keep us 100% safe. Hackers are good at what they do, and it’s a never-ending game of cat and mouse in the Cyber Security world. Luckily, our team doesn’t stop fighting for our clients. 3 months ago, we decided to change our IT Management Vendor. As you all know, the biggest driving factor for this change was due to the increased levels of security with this new platform that we’re now on and managing all of your devices (PC’s & Servers). One of the big, bonus features that led us to this new platform (Datto RMM) is their new Ransomware Detection feature. This feature was enabled on ALL active computers and servers under our management the moment we knew about this attack happening back on Friday, July 2 within hours of this attack being first reported.
There were also reports that the additional software protections that TriCore uses, SentinelOne (Advanced Threat Detection) and BlackPoint SNAP (Managed Detection and Response), were VERY effective in slowing down and stopping the attack from spreading throughout client networks, which we are VERY happy to hear as they’ve been amazing partners to work with. Without these programs, unprotected machines would have been sitting ducks as reports have shown regular antivirus was totally ineffective against this attack since the trusted Kaseya program was hijacked.
We are constantly looking into and battle testing additional protection software and services to better protect from the ever-increasing threat angles that keep coming at us all.
Furthermore, TriCore works with ALL of our software vendors upstream to make sure that all due diligence is being executed to make sure the integrity of their systems meet and exceed the recommended security guidelines.
Again, CyberSecurity is a journey and a process comprised of many layers. Now is the time to either start or continue the conversation of how to make your network and data more secure. Every business is different, so to lay out what products, services, and procedures you need to follow within this email would not be viable. We would need to have a discussion with each of you directly to help you determine your security needs and risk tolerance in order to determine which layers of security are right for your organization.
We take the security of your data just as serious as we do our own, so TriCore will also be doing in depth audits of all of our clients to identify any vulnerabilities we see and propose recommendations accordingly. In the meantime, please don’t hesitate to reach out to us if you have any questions or if you want to be first in line to have this audit.