Security Incident: What Can You Do To Prepare?

On Dec. 2nd, 2022, Rackspace (an enormous Infrastructure as a Service hosting company) experienced an outage on their Hosted Microsoft Exchange (HEX) service, leaving ALL HEX customers without access to email. The next day, Rackspace announced that it was a security incident. Three days later, Rackspace reported that it was a ransomware attack, and that the data is most likely unrecoverable. It seems that despite their security measures and disaster recovery plans, the hackers were able to penetrate their defenses and thwart their disaster recovery methods.  

When there is a large-scale security incident, we try to review what happened, how it happened, and how it could be prevented. If a threat actor could gain access to Rackspace’s sensitive information, it is a wonderful time to reflect on your own situation. Do you have adequate protections in place, or do you have some of the same vulnerabilities? 

As a quick disclaimer, I need to add that none of our clients were affected by this attack as we do not use Rackspace HEX services. While Rackspace was a larger scale event, we are seeing that criminals target and extort many small and mid-sized businesses too. Specifically, they look for “easy targets.” 

So, what are the key takeaways from this incident and how can you avoid being an “easy target”?  

Here are a few tips: 

  1. Create a plan to modernize legacy business applications that do not support modern security. In the Rackspace scenario, their hosted Exchange solution is a legacy product that does not support modern authentication methods. This is a great time to go through your own applications to see which applications will not support multi-factor authentication and other critical security components. This may include things like old operating systems, legacy line of business software, basic licensing, etc.

  2. Have an incident response (IR) plan and a disaster recovery (DR) plan in place. These plans need to include the following elements:
  • What are your critical applications and services?
  • How are you backing up your critical data?
  • How do you restore it?
  • How much downtime can the company survive?
  • How much downtime do you tolerate before enacting a disaster recovery process?
  • Who is your backup provider going to be?
  • How are you going to get critical data into that backup provider?
  • How are you going to get users up and running?

  3. It is not enough to have data backup. It is also critical to have a way to access and serve that data. For example, if your critical line of business application runs on a Microsoft SQL server and your business has a low tolerance for downtime, the DR plan for SQL needs to include a plan for quickly serving up the data, and not just a backup of the SQL databases.

Once you have answered the questions in your IR and DR plans, test your plans. Take a dry run to verify that you are backing up the data you need and that you can serve up that data on another platform in a reasonable amount of time. Schedule regular intervals to test these processes to ensure they continue to work. 
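As an added example (not code from the original post), here is a T-SQL dry run for the SQL Server case described above: it verifies the backup file, restores it to a separate test database on a standby instance, checks that the data can actually be served, and compares the restore time with the downtime the business tolerates. The backup path, file names, table name and the 30-minute tolerance are assumed placeholders.

```sql
-- Added DR drill for a SQL Server line-of-business database (not from the original post).
-- Placeholders to replace: backup share, data/log paths, logical file names, table, and RTO.
DECLARE @BackupFile NVARCHAR(260) = N'\\backup-share\lob\LobApp_FULL.bak'; -- assumed path
DECLARE @RtoMinutes INT           = 30;                                      -- assumed tolerance
DECLARE @Start      DATETIME2     = SYSDATETIME();

-- 1. Verify the backup media is readable and its page checksums are intact.
--    This proves the file is usable; it does not yet prove the data can be served.
RESTORE VERIFYONLY FROM DISK = @BackupFile WITH CHECKSUM;

-- 2. List the logical file names inside the backup (needed for WITH MOVE below).
RESTORE FILELISTONLY FROM DISK = @BackupFile;

-- 3. Restore under a different name and to drill-only paths so the exercise
--    never touches production. Logical names 'LobApp' / 'LobApp_log' are assumed.
RESTORE DATABASE LobApp_DRTest
  FROM DISK = @BackupFile
  WITH MOVE N'LobApp'     TO N'D:\DRTest\LobApp_DRTest.mdf',
       MOVE N'LobApp_log' TO N'L:\DRTest\LobApp_DRTest.ldf',
       REPLACE, CHECKSUM, STATS = 10;

-- 4. Confirm the restored copy is consistent and actually serves application data.
--    dbo.Customers stands in for whichever table the business cannot run without.
DBCC CHECKDB (LobApp_DRTest) WITH NO_INFOMSGS;
SELECT COUNT(*) AS CustomerRows,
       MAX(ModifiedDate) AS NewestRecord   -- assumed column; shows how stale the backup is
FROM LobApp_DRTest.dbo.Customers;

-- 5. Measure restore time against the downtime the company said it can survive.
DECLARE @Elapsed INT = DATEDIFF(MINUTE, @Start, SYSDATETIME());
IF @Elapsed > @RtoMinutes
    RAISERROR(N'DR drill FAILED: restore took %d minutes, tolerance is %d minutes.',
              16, 1, @Elapsed, @RtoMinutes);
ELSE
    PRINT N'DR drill passed: restore took ' + CAST(@Elapsed AS NVARCHAR(10)) + N' minutes.';

-- 6. Remove the drill copy so the next scheduled run starts from a clean state.
DROP DATABASE IF EXISTS LobApp_DRTest;
```

Scheduling this script as a SQL Agent job on the standby instance gives the regular, repeatable test the paragraph calls for, and the failure branch is what should page someone when the restore no longer fits the tolerance.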

A third-party backup solution is a bare minimum requirement even if your data is in a public cloud environment like AWS or Microsoft Azure/365.  

Whether you have been affected by a security incident or want to talk to someone about getting your plans in place, let us know and we will be happy to help!  

Information Technology Aligned With Your Business Goals?
Philantech3 is a complete IT services & IT support company working with organizations in Spokane.