Author: Michael Knight
On a Friday afternoon in late 2017, an administration employee at one of Encore’s K12 client sites clicked a link in an email. The email appeared to be a legitimate message from the state. It was, in fact, a clever attempt to infect the district with malware. Realizing the potential result of their action, the individual immediately notified the school’s I.T. department.
The I.T. department sprang into action and ran both an antivirus and a malware scan. Both scans indicated no threat. Unfortunately, that indication was a false negative and a failure of the district’s inadequate defense infrastructure.
Life is often full of foreshadowing, and Encore’s CTO had met with this particular district a few months earlier. Michael Knight implored district administration that “cheap” defense is wholly inadequate in today’s threat landscape. Knight also highlighted the need for a multi-layered anti-malware solution to ensure the best threat mitigation possible.
Epic/tragic irony describes a literary device used to foreshadow impending tragedy to the reader (e.g. Romeo and Juliet). However, we do not need a wordsmith the likes of Shakespeare to describe the events that transpired. You, the reader, can easily guess what happens next.
On a Monday morning (of course!), two days after clicking the link, district I.T. employees found the entire network infected with ransomware. The district’s elected defenses were, indeed, inadequate.
There is, however, a silver lining to this tragic tale. A few years prior, Encore had implemented a multi-site data-center solution including a holistic backup strategy. That upgrade enabled Encore to restore the customer’s information architecture to a pre-infection state.
During the restore process, Encore employees discovered that the client had updated their Active Directory domain controllers. Stored in the wrong partition of the SAN (Storage Area Network), these controllers had been omitted completely from the system-wide backup and restoration process. Again, Encore employees worked 16+ hour days to restore the customer’s domain. Swift, efficient work restored this district’s access to their digital resources and assets.
No story is complete without proper credit given to the authors and actors. Thank you Dominic Reina and Gene Choquette! You treated the customer like family, providing for them a resolution. Not only that, you allowed the customer to avoid the extremely negative press that comes part-and-parcel with a data breach.
What can we help our customers learn from this unfortunate situation? Three words: “Protect your environment!”
The essential steps include:
- Have a 3rd party review your network and systems
- Have an enterprise-grade, multi-layered, multi-vendor security architecture
- Have working backups and test disaster recovery plans
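The backup failure in this story was a coverage gap: domain controllers had moved to a SAN partition that no backup job protected, so the system-wide restore silently skipped them. The script below is an added example, not Encore’s tooling or anything from the district; it reconciles a constructed host inventory against constructed backup-job scopes, flags critical hosts on unprotected volumes, reports jobs whose last success is older than the allowed recovery point, and checks a restored object against its original by hash. The host names, volume names, job names and timestamps are all invented sample data.

```python
"""Backup coverage and restore-test checks (added example with constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib


@dataclass(frozen=True)
class Host:
    name: str
    role: str
    volume: str  # SAN volume / datastore the host's disks live on


@dataclass(frozen=True)
class BackupJob:
    name: str
    volumes: frozenset  # volumes this job actually protects
    last_success: datetime


# Constructed reference time and sample environment (hypothetical names).
NOW = datetime(2017, 12, 1, 8, 0)

INVENTORY = [
    Host("dc01", "domain-controller", "san-vol-prod"),
    Host("dc02", "domain-controller", "san-vol-scratch"),  # rebuilt on the wrong volume
    Host("fs01", "file-server", "san-vol-prod"),
    Host("sis01", "student-info-system", "san-vol-prod"),
]

JOBS = [
    BackupJob("nightly-full", frozenset({"san-vol-prod"}), NOW - timedelta(hours=10)),
    BackupJob("weekly-archive", frozenset({"san-vol-archive"}), NOW - timedelta(days=9)),
]

# Roles whose loss prevents a restore of everything else (identity first).
CRITICAL_ROLES = {"domain-controller", "student-info-system"}


def protected_volumes(jobs):
    """Union of every volume any job claims to protect."""
    return set().union(*(j.volumes for j in jobs)) if jobs else set()


def uncovered_hosts(inventory, jobs):
    """Hosts sitting on a volume that no backup job touches."""
    protected = protected_volumes(jobs)
    return [h for h in inventory if h.volume not in protected]


def critical_gaps(inventory, jobs, critical_roles=CRITICAL_ROLES):
    """Uncovered hosts whose role makes the gap a recovery blocker."""
    return [h for h in uncovered_hosts(inventory, jobs) if h.role in critical_roles]


def stale_jobs(jobs, now, max_age):
    """Jobs whose last successful run is older than the accepted recovery point."""
    return [j.name for j in jobs if now - j.last_success > max_age]


def verify_restore(original: bytes, restored: bytes) -> bool:
    """A restore drill only counts if the restored bytes match the source."""
    return hashlib.sha256(original).digest() == hashlib.sha256(restored).digest()


def coverage_report(inventory, jobs, now, max_age=timedelta(days=1)):
    """Summarise the three things a DR review should surface."""
    return {
        "uncovered": [h.name for h in uncovered_hosts(inventory, jobs)],
        "critical_gaps": [h.name for h in critical_gaps(inventory, jobs)],
        "stale_jobs": stale_jobs(jobs, now, max_age),
    }


if __name__ == "__main__":
    for key, value in coverage_report(INVENTORY, JOBS, NOW).items():
        print(f"{key}: {value}")
```

Run against a real inventory, the same three checks would come from the hypervisor or SAN inventory and the backup product's job catalogue; the point is that coverage is verified from the inventory side (every critical host must map to a protecting job) rather than trusting the backup job's own "success" status, and that a restore drill compares restored data to the source rather than just confirming the job finished.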
Security Notes from the CTO:
Don’t let the “win” of cost avoidance and easy access allow “Security Drift” to occur.
“Security Drift” is the outcome that occurs when you allow the wrong things to be done for the “right” short-term reasons.
Sacrificing the long-term stability for short-term convenience never yields positive results.
We partner with the best technology providers in the business so that our customers can receive the choicest outcome. Our technology partners may be the suppliers, but to our customers we are the architects, general contractors, laborers, warranty providers and best friend.