Case Study - Cyber Security

The Problem

A large, NYC-based commercial construction firm that was being serviced by a competing technology managed services provider contacted Iron Key Group to help them with a recent ransomware incident that had severely impacted the company’s day-to-day operations. The company was frustrated by the incumbent managed services provider’s lack of initial response and empathy and had some serious concerns about the fact that this was the second ransomware attack within the last year; it did not feel confident that the incumbent provider was willing or able to help them implement a strong cybersecurity plan to protect them. 


The construction company had asked Iron Key Group to help them remediate the current situation, quickly perform the necessary evaluation of their existing environment, and make the necessary recommendations to reduce the company’s cybersecurity risks and mitigate or eliminate any potential threats going forward.

Our Approach

Iron Key Group immediately began evaluating the construction company’s backup data to see if the data could be easily restored without having to pay the hackers’ Bitcoin ransom. Luckily, the cloud-stored data was available, and the Iron Key Group team worked with the onsite system administrator to begin the restore process immediately and bring the company back to normal operations as soon as possible.


During that same timeframe, Iron Key Group began an immediate and comprehensive cybersecurity assessment to evaluate the construction company’s overall vulnerability level. While the assessment was intended to encompass the most common cybersecurity threats in existence, the immediate focus was on the functional areas that would provide the greatest protection against ransomware and other similar malware threats:

  • Access control: Ensure that all users are employing best practices regarding strong passwords (minimum 8 characters, upper, lower, special and numeric passwords), password change cycles (no fewer than 90-day password changes), password history (cannot use the same password for at least 5 cycles) and screen-saver password protection (invokes no longer than 15 minutes). In addition, ensure that no user has administrative access to his/her own desktop, so that hijacked credentials would not have the ability to install or propagate malware or its “payload”.
  • End-Point Protection: Ensure that all relevant server, network and desktop devices had adequate and up-to-date anti-virus and anti-malware protection.
  • Spam filter: Ensure a strong spam filter solution is in place that will detect unsolicited and unwanted email and prevent it from getting to users’ inboxes. Outside of being annoying and unproductive, spam is a common way for viruses and malware to be introduced into a company’s technology environment.
  • Firewalls: Ensure that all entry/exit points of the company’s external-facing (i.e. internet) network are protected by commercial-grade, state-of-the-art firewalls, and that each relevant device is configured based upon the company’s business/application needs and upon industry best practices: Is the firewall current, and has the latest firmware level been applied? Are the relevant ports open/blocked based upon business need and security reasons? Is there content filtering capability that is enabled and configured with minimal/no exceptions?
  • Training & Awareness: Ensure that all company employees are trained to recognize the cyber-security threats that exist, and to take the appropriate action to mitigate the risk and report the incident to the relevant company and external resources.
  • Social Engineering: Ensure that all employees go through rigorous mock cyber-security incident exercises before and after their comprehensive cyber-security training, to measure the employees’ overall awareness levels and effectiveness in recognizing and reporting such threats as phishing and spoofing schemes.

In addition to the above, Iron Key Group completed additional reviews of the company’s environment related to such topics as Security Policies, Data Protection, Network Configuration, Mobile Technologies, Messaging, IT Operations, Asset Management, Change Management, Disaster Recovery/Business Continuity, and more.

The Results

The company’s data was restored, and the company was back to normal business operations in a matter of hours; no ransom was paid. The cyber-security assessment yielded several High, Medium and Low Risk findings, including the fact that most company passwords were still set to their original, easy-to-guess/hack default values: “password”, “temp”, “123456”. Also, several devices had outdated or non-existent anti-virus/malware tools installed. Iron Key Group helped the construction company develop an immediate and longer-term cyber-security strategy based upon the highly probable threats and vulnerabilities that existed, the risk tolerance of the company and its overall budget considerations.

Iron Key Group connected the customer with highly capable technology partners that would enable them to get timely and quality hands-on technology-related services. This included some immediate solutions that significantly reduced their risk of falling prey to cybersecurity-related incidents:

  • Implemented group policies that hardened user access by enforcing strong passwords, a 90-day password change cycle and screen-saver passwords after 15 minutes of inactivity, and by removing local administrative rights on all end-user workstations (desktops and laptops).
  • Upgraded the company’s two end-of-life firewalls to new SonicWall NSA firewalls with content filtering subscriptions and configured them based upon the company’s internal and external business traffic needs.
  • Implemented a mobile device management platform to ensure that the company’s data on mobile devices is centrally managed and protected, given the staff members that come and go for various commercial construction projects that are in production. This included restricting access to only company-approved users, devices and applications, device remote-wipe capability, device monitoring and other features.
  • Brought in a training partner to perform comprehensive, cyber-security-related classroom training for all company employees. 
  • Brought in a partner to perform social engineering exercises to ensure that the comprehensive training was effective, and that the company was ready to recognize the various cyber-security threats that exist at the workplace.

Copyright © 2021 Iron Key Group, LLC - All Rights Reserved.