Winquest support doesn’t end when our mission is accomplished. We encourage our Clients to contact us, free of charge, anytime they have cybersecurity questions or concerns. For example:
- A Client received a suspicious email from the CEO to the CFO requesting the wire transfer of a large amount of money. The Client immediately contacted Winquest and we helped them execute their Incident Response drill to ensure they were able to cancel the transfer and confirm their system wasn’t infected with malware from the email.
- A Client opened a PDF document and it immediately disappeared and couldn’t be located. The Client contacted Winquest and we were able to diagnose the incident as a software problem and confirm it was not malware related.
- A Client asked Winquest the best kind of lock to install after our vulnerability assessment mission discovered the server room door had no lock on it. Winquest helped the Client determine the best type of lock to use and sent links to vendors where they could purchase it.
The costs of a data breach add up quickly. A report published by First Data, a major credit card processing company, drives home the cold hard reality of the direct costs of a cyber attack and the potentially devastating effects beyond actual expenses. Their report focuses on compromised customer credit card data as opposed to other forms of cyber attacks. Here is their outline of direct and indirect costs:
- A mandatory forensic examination
- Notification of customers
- Credit monitoring for affected customers
- PCI compliance fines
- Liability for fraud charges
- Card replacement costs
- Upgrade or replacement of POS system
- Reassessment for PCI compliance
- Damage to your brand and business reputation
- Bad press
- Loss of credit payment privileges
- Your time
Click to ready their full report.
If you ever have any doubt about the magnitude and frequency of cyber attacks, check out “Hackmaggedon.com.” Paolo Passeri, a sales engineer for OpenDNS in London, maintains this fascinating site tallying not every cyber attack, just major events covered in the news. He catalogs the types of attacks, their motivation and creates a timeline each month. Bottom line? The more we depend on the Internet to run our businesses and conduct transactions, the more criminals will focus their attention online as well.
A $1B Manufacturer/Retailer Client contacted Winquest to perform a vulnerability assessment of their network and get a third-party view of their security. Winquest deployed a team to Client site and conducted a full vulnerability scan of Client systems working with the Client’s IT department. The Client was doing a good job overall but still had over 1000 vulnerabilities (which is not unusual).
The largest vulnerability was discovered when malware was found on an Industrial Control System (ICS) on their production floor. The malware had the capability to beacon out information about the Client’s production to unauthorized personnel. The Client discovered the ICS was still under the system vendor’s control and not theirs. The Client brought the ICS under the supervision of their IT department, corrected the problem and thanked Winquest for our services.
An Investment Adviser Client contacted Winquest to perform a vulnerability assessment of their network and mobile devices prior to a possible SEC cybersecurity sweep examination. Winquest deployed a team to Client site and conducted a full vulnerability scan of Client systems. The Client was doing a good job of keeping software patches updated and systems inventories current but there were still over 1000 vulnerabilities discovered (which is not unusual).
The largest vulnerability was discovered when Winquest compared our network map with the Client’s inventory and found a discrepancy in the systems still functioning on the network. The Client had a server on their network that was supposed to be turned off and removed over a year prior but was still operating. Since the Client believed the server had been removed, no security updates had been made which made the system highly vulnerable to attack. The server was immediately removed from the network which eliminated the vulnerability.
An Auto Dealership Chain Client contacted Winquest (at 5:00 PM on a Friday afternoon) to request Incident Response support to recover from a major data breach. The Client contacted the State Police, the FBI and their insurance company after the credit reporting agencies suspended the ability to pull credit reports due to unauthorized use of the Client systems. The insurance company laid out the qualifications required to hire an incident response company and Winquest met those requirements (the Client’s Information Technology (IT) support company did not and referred the Client to Winquest). While the Client was gaining approval to hire us, Winquest personnel were alerted and preparing to deploy to the Client site.
Upon arrival at Client site, the Winquest Incident Response Team (IRT) confirmed the scope of operations with executive management, conducted interviews and quarantined the systems that were suspected of compromise. Those systems hard drives were copied for analysis and the originals were bagged and tagged as evidence for FBI use. The IRT met with the FBI team and received high praise from the Special Agent leading the FBI investigation.
Winquest analysis discovered a zero day vulnerability had been used to gain access to multiple Client systems and use that access to pull credit reports. Winquest personnel were able to remove the malicious code responsible for the breach, scan the Client network, certify the system was free of the malware that caused the incident and help the Client meet the credit reporting agencies security requirements. Once the requirements were met, the Client was able to resume accessing credit reports.
At the conclusion of the IRT mission, The Client and Winquest executed a Service Level Agreement to continue support via quarterly vulnerability assessments, employee awareness training and Policies and Procedures development and implementation.
The Chairman for the House Committee on Small Business, Steve Chabot (R-OH), opened a recent hearing with the startling fact that over 71% of cyber attacks occur at businesses with fewer than 100 employees. He went on to say, “The American government, American businesses, and Americans themselves are attacked over the Internet on a daily basis. Sometimes they know, sometimes they don’t. These attacks come from criminal syndicates, ‘hacktivists,’ and foreign nations. They’re after intellectual property, bank accounts, Social Security numbers, and anything else that can be used for financial gain or a competitive edge.”
The Committee also heard from Todd McCracken, President of the National Small Business Association, who discussed the fact that small companies currently have fewer resources to address cyber attacks. “Many small companies are not in a position to have a dedicated IT department, and many either outsource IT functions or assign such duties to an employee with other responsibilities—often the owner him/herself. In fact, the number of business owners who personally handle IT support appears to be on the rise,” McCracken said.
This testimony was presented April 22, 2015 as part of the committee’s consideration of H.R. 1560, the Protecting Cyber Networks Act, and H.R. 1731, the National Cybersecurity Protection Advancement Act. Click here for more information.