We’ve been talking about cybersecurity for quite some time. Yes, the threats are real. Yes, damages resulting from a malware infection or data breach can be catastrophic. Yes, every business needs to take precautions. But until last month the conversation was hypothetical – at least as it related to IBS clients. That is, unfortunately, no longer the case.
In late November, one of our Managed IT Services clients got hit with a nasty virus called EMOTET (you can read more here – this bug likely will go down in history as the largest phishing campaign of 2017). How did it happen? An employee opened an infected email link.
Most viruses travel from an infected workstation to a server and then spread from the server to other workstations. In the case of EMOTET, the infection runs laterally – meaning it travels across a network, from workstation to workstation. And it is incredibly hard to stop.
We thought we had the virus trapped during our initial inoculation. Two days later it was raging again. Ultimately, we had to wipe each of this client’s more than 50 desktops down to the boot track, reinstall the operating system and applications, add advanced end-point protection software, and then reconnect the to the main server. That process from start to finish took nearly two weeks. During this time, access to email, programs and data was interrupted sporadically. One month later, we are still working to completely eradicate EMOTET from the company’s system.
This is a cautionary tale. While we would love to report that we trapped and eradicated EMOTET, and inoculated against re-infection quickly and effectively, the fact of the matter is that the sophistication and aggressive nature of today’s “latest and greatest” viruses can challenge even the most experienced, knowledgeable, well-equipped IT providers. That includes us.
This also provides a very tangible example of why we continue to urge our clients to incorporate SentinelOne advanced end-point security software. “End points” are personal computers, network servers and other devices connected to the Internet. When they are exposed, systems and data become vulnerable. Unlike traditional anti-virus solutions, advanced end-point protection platforms do not require prior knowledge of an attack in order to detect and remediate it. They apply machine learning and artificial intelligence to continuously outflank attackers. As such, advanced end-point solutions are always evolving with the ever-changing threat landscape. They are even ready to stop threats that do not yet exist.
However, deciding to implement end-point protections the day after an attack is too late. The pain and distraction for our client has been severe, including a six-figure price tag and days of downtime. Additionally, several of its vendors and customers are now questioning the safety of email attachments they are receiving from employees at the company.
Within this context, the annual cost of about $90 per workstation and $180 per server seems a small price to pay for advanced end-point protection. The moral of the story? Do not wait another day. It could be too late.