See the original publication found in On Balance Magazine.
At some point in 2015, cybercriminals had an aha moment. Instead of going through all of the trouble of breaking into a network, stealing data and then executing a complicated scheme to monetize that data, they found a shortcut - and it was already paved.
Data encryption was touted as a defense against attempts to steal data, and companies implemented encryption to keep their data safe. It did not take long for the bad guys to figure out a way to turn those defenses around: Encrypt the data and hold the key for ransom. Already armed with methods to trick users into running things they should not, attack methods were created that locked companies out of their own computers, data stores and applications.
With companies facing the prospect of being without key systems and data for long periods of time, criminals offered a quick fix: Pay us to fix it. Insurance companies often encouraged payments, calculating that it was more economical to pay upfront than to pay for rebuilding systems, covering lost revenue and buying new equipment.
The result was predictable. Criminals saw big pockets behind the companies they were attacking. They widened their attacks and increased the ransom demands. More criminals got into the game, realizing how profitable this venture was becoming.
The biggest question that companies are asking today is this: "Can we survive a ransomware attack?" To answer that, it is best to break the threat down to four questions:
The components of protection should be familiar, as they are the basic hygiene items needed to stop any cybersecurity threat:
• Privileged access or admin access to devices throughout the network should be limited, with specialized accounts set up for local administrator tasks. When many users have admin access to many machines, ransomware spreads like wildfire.
• Access to file shares across the network should be only as-needed. Ransomware will look to encrypt whatever files the user who launched it can see and change. If the infected user has limited rights on file shares, the damage that can be caused will be limited.
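The two points above can be measured. The following is an added example, not part of the original article: it takes an export of group membership, share permissions and local administrator membership (all names and data here are constructed) and computes, per user, which shares ransomware running as that user could modify and which hosts that user administers.

```python
"""Estimate per-user ransomware blast radius from share ACLs and local admin rights."""
from collections import defaultdict

# Constructed sample data standing in for a directory / file server export.
GROUP_MEMBERS = {
    "Domain Users": {"alice", "bob", "carol", "svc_backup"},
    "Finance": {"alice"},
    "Engineering": {"bob", "carol"},
    "Helpdesk": {"carol"},
}
# share -> list of (principal, right); right is "read" or "write"
SHARE_ACLS = {
    r"\\fs01\finance": [("Finance", "write")],
    r"\\fs01\engineering": [("Engineering", "write"), ("Finance", "read")],
    r"\\fs01\public": [("Domain Users", "write")],
    r"\\fs02\archive": [("Domain Users", "read"), ("svc_backup", "write")],
}
# host -> principals in the local Administrators group
LOCAL_ADMINS = {
    "ws-001": ["Helpdesk"],
    "ws-002": ["Helpdesk", "bob"],
    "ws-003": ["Helpdesk"],
    "fs01": ["svc_backup"],
}


def expand(principal):
    """Resolve a principal to users: group members, or the user itself."""
    return set(GROUP_MEMBERS.get(principal, {principal}))


def writable_shares():
    """User -> shares the user can change (what ransomware run by them can encrypt)."""
    result = defaultdict(set)
    for share, acl in SHARE_ACLS.items():
        for principal, right in acl:
            if right == "write":
                for user in expand(principal):
                    result[user].add(share)
    return dict(result)


def admin_hosts():
    """User -> hosts where the user holds local administrator rights."""
    result = defaultdict(set)
    for host, principals in LOCAL_ADMINS.items():
        for principal in principals:
            for user in expand(principal):
                result[user].add(host)
    return dict(result)


def broad_write_grants(threshold=0.5):
    """Write entries that cover more than `threshold` of all known users."""
    all_users = set().union(*GROUP_MEMBERS.values())
    findings = []
    for share, acl in SHARE_ACLS.items():
        for principal, right in acl:
            if right == "write" and len(expand(principal)) / len(all_users) > threshold:
                findings.append((share, principal))
    return sorted(findings)


def blast_radius():
    """Rank users by writable shares plus administered hosts, largest first."""
    shares, hosts = writable_shares(), admin_hosts()
    users = set(shares) | set(hosts)
    rows = [(u, len(shares.get(u, ())), len(hosts.get(u, ()))) for u in users]
    return sorted(rows, key=lambda r: (-(r[1] + r[2]), r[0]))


if __name__ == "__main__":
    for user, n_shares, n_hosts in blast_radius():
        print(f"{user:12} writable shares={n_shares} admin hosts={n_hosts}")
    for share, principal in broad_write_grants():
        print(f"broad write grant: {principal} -> {share}")
```

Users at the top of the ranking and the broad write grants are the first candidates for tightening to as-needed access.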
Malware normally finds its way onto computers that are missing patches. Ransomware is no different; yet patching continues to be a shortcoming in many organizations' defenses. The keys to having an effective patch management program are to:
• Ensure ALL operating systems and platforms are covered by an automated patching system.
• Ensure ALL applications are covered by an automated patching system.
• Perform scans routinely on all systems in the environment to confirm the automated patching systems are functioning as intended.
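The third point, confirming that automated patching works as intended, amounts to reconciling three data sets. The following is an added example, not part of the original article: it compares an asset inventory, the patching system's own report and vulnerability scan findings. Hostnames, dates, field names and patch identifiers are constructed placeholders.

```python
"""Reconcile asset inventory, patch-system status and scan findings."""
from datetime import date

# Constructed sample data. Patch identifiers are placeholders, not real advisories.
INVENTORY = {"dc01", "fs01", "ws-001", "ws-002", "kiosk-7", "lnx-build"}

# What the automated patching system reports about hosts it manages.
PATCH_AGENT = {
    "dc01": {"last_checkin": date(2021, 7, 12), "pending": 0},
    "fs01": {"last_checkin": date(2021, 7, 13), "pending": 0},
    "ws-001": {"last_checkin": date(2021, 7, 13), "pending": 2},
    "ws-002": {"last_checkin": date(2021, 5, 30), "pending": 0},
}

# Missing patches found by an independent scan, per host.
SCAN_FINDINGS = {
    "dc01": [],
    "fs01": ["EXAMPLE-PATCH-0042"],
    "ws-001": ["EXAMPLE-PATCH-0042", "EXAMPLE-PATCH-0057"],
    "ws-002": ["EXAMPLE-PATCH-0011"],
    "lnx-build": ["EXAMPLE-PKG-0003"],
    "printer-3f": [],
}


def reconcile(inventory, agent, scan, today, max_age_days=7):
    """Return the gaps between what should be patched and what is verified patched."""
    enrolled, scanned = set(agent), set(scan)
    # Agent has not reported recently, so its "compliant" status is out of date.
    stale = {
        host for host, rec in agent.items()
        if (today - rec["last_checkin"]).days > max_age_days
    }
    # Patch system claims nothing is pending, but the scanner disagrees.
    mismatch = {
        host for host in enrolled & scanned
        if agent[host]["pending"] == 0 and scan[host]
    }
    return {
        "not_enrolled": sorted(inventory - enrolled),
        "stale_agent": sorted(stale),
        "agent_scan_mismatch": sorted(mismatch),
        "never_scanned": sorted(inventory - scanned),
        "unknown_assets": sorted((enrolled | scanned) - inventory),
    }


if __name__ == "__main__":
    report = reconcile(INVENTORY, PATCH_AGENT, SCAN_FINDINGS, date(2021, 7, 14))
    for category, hosts in report.items():
        print(f"{category:20} {', '.join(hosts) or '-'}")
```

The `agent_scan_mismatch` category is the one the scan exists to catch: hosts the patching system believes are current while the scanner still finds missing patches.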
Organizations need to have current and up-to-date technology defending endpoints. Anti-virus applications installed and forgotten five years ago do not meet this requirement. Make sure the endpoint protection system is actively monitored to ensure components are current and protections are not disabled.
When commercial buildings, hotels and homes are built, codes have to be followed for a number of reasons, one of which is to ensure that fires have difficulty spreading from room to room and floor to floor. A computer network should be no different. Networked devices in one department should be able to see networked devices in another department only if there is a justified business requirement.
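The "justified business requirement" test can be applied to a firewall rule export. The following is an added example, not part of the original article: it checks each allow rule between department segments against a list of approved flows. Segment names, address ranges, the rule format and the approved list are constructed, and rule ordering (first-match semantics) is deliberately ignored, so every allow rule is treated as reachable.

```python
"""Flag allow rules between segments that have no recorded business justification."""
import ipaddress

# Constructed segments (department networks).
SEGMENTS = {
    "finance": ipaddress.ip_network("10.10.0.0/24"),
    "engineering": ipaddress.ip_network("10.20.0.0/24"),
    "servers": ipaddress.ip_network("10.30.0.0/24"),
}

# Approved cross-segment flows: (source segment, destination segment, port).
JUSTIFIED = {
    ("finance", "servers", 443),
    ("engineering", "servers", 443),
    ("engineering", "servers", 22),
}

# Constructed rule export; port None means "any port".
RULES = [
    {"id": 1, "src": "10.10.0.0/24", "dst": "10.30.0.0/24", "port": 443, "action": "allow"},
    {"id": 2, "src": "10.20.0.0/24", "dst": "10.10.0.0/24", "port": 445, "action": "allow"},
    {"id": 3, "src": "10.0.0.0/8", "dst": "10.0.0.0/8", "port": None, "action": "allow"},
    {"id": 4, "src": "10.20.0.0/24", "dst": "10.30.0.0/24", "port": 22, "action": "allow"},
    {"id": 5, "src": "10.30.0.0/24", "dst": "10.10.0.0/24", "port": 3389, "action": "deny"},
]


def segments_touched(cidr):
    """Names of segments that overlap the given CIDR, in SEGMENTS order."""
    net = ipaddress.ip_network(cidr)
    return [name for name, seg in SEGMENTS.items() if seg.overlaps(net)]


def unjustified_flows(rules):
    """Return (rule id, src segment, dst segment, port) for unapproved allowed flows."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        for src in segments_touched(rule["src"]):
            for dst in segments_touched(rule["dst"]):
                if src == dst:
                    continue  # traffic inside one segment is out of scope here
                port = rule["port"]
                # A wildcard port can never be covered by a per-port approval.
                if port is None or (src, dst, port) not in JUSTIFIED:
                    findings.append((rule["id"], src, dst, "any" if port is None else port))
    return findings


if __name__ == "__main__":
    for rule_id, src, dst, port in unjustified_flows(RULES):
        print(f"rule {rule_id}: {src} -> {dst} port {port} has no recorded justification")
```

Broad rules such as rule 3 expand into one finding per segment pair, which shows how much lateral movement a single wide rule permits.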
One of the most important aspects of limiting the damage of a ransomware attack is to know when it is happening. Following are the key steps to sharpening any company’s detection capabilities:
How an organization responds to a ransomware attack directly affects the amount of system damage caused by the attack. That response also affects the damage to its reputation with customers and the morale of its employees. This is where a formal incident response plan (IRP) is essential. The basic components of the IRP should include:
• Defined members of an incident response team (IRT).
• Contact information for external resources (such as the media, law enforcement and third-party consultants).
• Templates for communicating with employees, customers and vendors.
Specific to ransomware, the IRP should have a playbook for procedures related to a ransomware attack. Such a playbook can be designed through a tabletop ransomware exercise. This playbook will be unique to the organization with steps specific to the IRT members. Steps should include:
• User actions when ransomware is suspected.
• Specific steps for isolating network segments or systems.
• Communication steps with members of the IRT.
Recovering from a ransomware attack normally involves one of three options.
1. Recover via backups.
To be viable, backup systems and images cannot be compromised by the ransomware. Attackers will often look to encrypt backup systems first so that a system restore is not possible. To protect the ability to recover systems and data, organizations should:
• Maintain protected gold images of systems to ensure restoration to a known trusted state.
• Keep copies of data backups that cannot be overwritten and are disconnected from the production network.
2. Pay the ransom.
Some companies are forced into this solution. Some look to it as the path of least resistance. There are risks that come with this choice: Will the decryption key be effective? Criminals realized early on that it is more profitable in the long run to provide the key. That does not mean it will be useful. In the case of the recent Colonial Pipeline attack, a large payment was made only to find the decryption tool was too slow to be of use (Morse, 2021). Unfortunately, if you're attacked once, you may be attacked again. A recent report indicated that 80% of businesses that paid to recover from an attack experienced a subsequent ransomware attack (Yu, 2021).
3. Rebuild from scratch.
This is the most painful scenario, normally chosen when backups cannot be restored and/or the purchased decryption key is not working.
Hopefully, this guide helps you to understand and prepare for these attacks. The tactics of the criminals continue to escalate with the release of captured data and the use of personal attacks on corporate executives to compel payment. Our efforts to resist need to meet these threats. Here are two resources to help in the fight:
• The website "No More Ransom!" (www.nomoreransom.org) contains resources to help victims retrieve their data without paying the criminals. Tools include working decryption keys for known ransomware variants.
• In June 2021, the National Institute of Standards and Technology (NIST) released a draft of a framework to use in managing risks associated with ransomware. This is a free resource which can be accessed here:
Another M365 email outage... seriously just Google it... there are even multiple websites that monitor and tell you there is an outage but there is nothing you can do about it… or is there?
Whether it is email, Azure, Teams or something else, what can you do?
Better question yet… now, what are your employees doing while they wait? Well… are they using a personal email account to send business information? That is even scarier.
Does this all sound too familiar?
The good news is you CAN do something about it.
Here is where Mimecast has a brilliant solution. It keeps users' email working during on-premises or cloud outages! Like a backup parachute, should the primary not open… you don't have to free fall, you can pull the secondary cord and simply glide to safety.
So, let's say the Microsoft M365 service goes down. First off, rather than having you guess if there is a disruption and possibly obtaining confusing information from Microsoft Admin Center, Mimecast provides outage/disruption detection.
Through the "heartbeat" approach, Mimecast monitors for high latency and failed deliveries. If a problem is detected, based on thresholds, Mimecast will trigger an alert to admins via SMS or secondary email. From there the admin can kick off a continuity event which allows end-users to keep working through Outlook, the webmail portal or mobile applications.
With Mimecast, your end-users will have no idea there is a problem. They can continue to send and receive email as if there was no failure. So, they just keep working. Once your primary email service comes back online, Mimecast will sync up with it, and the world keeps turning.
And, coolest part in my opinion, if Mimecast is also your security and archive solution, having an outage that requires a continuity assist from Mimecast doesn't alter your security and archive capabilities in the slightest. You are still just as protected and compliant. No need for your users to seek an alternate, Shadow IT solution.
J. Peter Bruzzese - “Conversational Microsoft 365 Cyber Resilience”
Join the many SynerComm customers who have added M365 Resiliency to their Enterprise Email environment. For a deeper discussion, follow along below.
Warning: This blog contains purposeful marketing and gratuitous plugs for SynerComm’s CASM™ Subscription services. Seriously though, the following article will present the need for better external visibility and vulnerability management.
Whether you are vulnerability scanning to meet compliance requirements or doing it as part of good security practices, there is a universal need. At the time of this article, there are essentially three equally capable and qualified scanning solutions. They include products from Tenable, Rapid7 and Qualys. My point is that each of these scanning solutions, if configured correctly, should produce accurate and similar results. Therefore, as long as your scanning provider is using one of these three solutions, they should be able to detect vulnerabilities. SynerComm starts with a top scanner and then addresses all the gaps that your MSSP is missing.
Vulnerability scanning and analysis is a critical process within all information security programs. Scanners should find missing patches, dangerous configurations, default passwords, and hundreds of other weaknesses. Their technology is based on probing systems over networks and trying to determine if the system exhibits specific vulnerabilities. While the process itself isn’t complicated, many organizations choose to outsource it to a managed service provider. If you need a provider or already have one, it’s time to upgrade to Continuous Attack Surface Management (CASM™).
Vulnerability scanning MSSPs served their role well for many years but failed to keep up. They failed to keep up with cloud migrations, failed to keep up with the rate of IT changes, and failed to provide tools that simplify and enable security for their subscribers.
If you’ve ever wondered what your systems and exposures look like to a cyber-criminal, just ask a pentester. SynerComm’s CASM® Engine was originally designed to provide accurate and timely reconnaissance information to our penetration testers. Access to this data and our ‘Findings-Based Reporting’ is available to all CASM® and Continuous Penetration Test subscribers.
Learn more about our Continuous Attack Surface Management, SynerComm’s CASM® Engine, and our industry-leading Continuous Penetration Test subscriptions.
|Scheduled Scanning of Known Assets||✔️||✔️|
|Ad-Hoc (Manual) Scanning||✔️||✔️|
|24/7 Online Dashboard Reporting||✔️||✔️|
|Discovery of New Assets||✔️|
|Elimination of False-Positives||✔️|
|Risk-Based Customizable Alerts||✔️|
|Access to Penetration Testers||✔️|
One of the things I have noticed while working at SynerComm over the years is that while most companies have employees on staff who possess the necessary technical knowledge to complete their projects, many organizations lack the logistics knowledge that large‐scale deployments require. As such, many companies typically rely on their project managers to handle these deployments. While project managers possess a wide variety of skills, few have extensive experience handling the logistics of large, complex deployments and could benefit from some expert advice and assistance.
To fill this knowledge gap and help our partners succeed, SynerComm created ImplementIT, a production‐readiness approach that offers smooth deployments for IT organizations looking to scale their operations.
Many project managers and IT personnel often find themselves in charge of coordinating the logistics of large‐scale deployments. To help your next deployment go as smoothly as possible, we suggest reaching out for help from the experts as early in the process as possible.
Experts like the team at SynerComm can help you define, model, and analyze your options when it comes to procurement, staging, testing, coordination, shipping, installation, and support. Even if you ultimately decide not to partner with an external logistics team, your organization can still benefit from their advice and learn how to avoid many of the common pitfalls associated with large, complex deployments that unprepared teams are more likely to encounter.
The SynerComm team is always happy to help and appreciates the opportunity to help organizations consider all their options and plan their approach to any large, complicated deployment. Though each project has unique factors that need to be considered, many deployment projects share at least some similarities. An impact and approach analysis conducted with help from the experts is a small investment that can save your organization time and money while minimizing frustrating delays and other challenges.
ImplementIT has been specifically designed to help set project managers, and their projects, up for success by offering advice as well as practical assistance.
Though most project managers have at least some prior logistics experience, few have extensive experience handling large, complex IT deployments. To help ensure each deployment goes smoothly, all ImplementIT customers are assigned their own SynerComm project manager. All of our project managers are trained to blend well with your PMO requirements while bringing recent and relevant logistics experience to the table. They also have extensive experience managing and mitigating the common risks and issues frequently associated with shipping (particularly international shipping), as well as the skills required for country‐specific installation and support.
ImplementIT project managers are able to integrate seamlessly with your organization, expanding your team’s capabilities when it comes to large‐scale, geographically diverse, and complex deployments. Your ImplementIT project manager is there to help you make decisions and avoid potentially costly and time‐consuming issues. Our culture of collaboration and transparency means we gladly share our knowledge freely, setting PMOs up for success and teaching them the skills they need to handle future deployments on their own while also offering ongoing support and advice as requested.
The first thing we do before we begin any logistically challenging IT project is sit down with your project managers to ensure we understand your schedule and your outcome requirements. Once we are certain we are all striving towards the same goal, we identify atomic units for the project, including sites, systems, and milestones, and define the high‐level breakdown structure required to manage the deployment of those units. During this phase, we also take into account all related activities, communications, and deliverables to help ensure the deployment goes as smoothly as possible.
Once all parties are on the same page regarding those higher‐level concepts, our team begins codifying these concepts into a working model. This includes layering in details and assumptions based on our extensive experience and capturing the supporting variables for common decision sets. This model allows our team to work closely with your team so we can effectively communicate and explain cost, quality, and schedule expectations based on our expert assumptions.
Working together, we begin changing the variable decision points in order to gain an immediate understanding of what the impact of various decisions might be. This unique approach has served us very well in the past, which is why we chose to leverage it when designing our ImplementIT approach.
By working together through the options using real‐time impact information, the two teams can co‐author an approach that is mindful of your project's unique considerations. We also work to create a solid rapport and establish open lines of communication between both teams early on in the project. This helps minimize the chance of unwelcome surprises, ensuring we consider all possible options and setting the project up for success. In an effort to avoid unpleasant surprises and ensure the deployment goes as smoothly and seamlessly as possible, we try to ensure all assumptions, risks, deliverables, schedules, measures, and metrics are clearly understood on both sides upfront.
As an IT and logistics professional, I can never emphasize enough the value of a solid approach to risk and issue management. Most large‐scale deployments need to be deployed to hundreds or even thousands of sites and require the coordinated cooperation of dozens of teams and individuals. As such, no deployment is ever completely issue‐free.
Common issues I have encountered over the course of my career include:
Though at least a few minor issues are likely to occur during even the best‐planned deployment, there are steps that you can take to minimize the number of issues that do occur and mitigate the delays and other problems these issues are likely to cause.
The key to keeping any project on track and progressing smoothly is complete visibility. We have achieved this by creating a single secure portal that handles all tracking, reporting, documentation, testing, and communication. By ensuring all critical information and communication occurs through a single, centralized portal such as the one ImplementIT leverages, we can help ensure that all key stakeholders are on the same page at all times and have total visibility into all aspects of the project.
COVID‐19 has had a profound impact on all aspects of business, including IT and logistics. Even before the pandemic, many companies already struggled to find and retain qualified IT professionals. Even organizations with fully staffed IT teams often find more work to be done than people to do it. In my experience, even a single disruption, such as an IT team member taking a sick day, can significantly impact business operations and hamper productivity.
To help ensure each project progresses smoothly, all ImplementIT projects include access to a full team of qualified and experienced IT and logistics professionals that you can count on to handle your next large, complex deployment and ensure the job is done right. This means that your organization doesn’t need to pull critical internal IT staff away from other tasks and deploy them out in the field, allowing you to minimize their COVID‐19 exposure risks and cut down on unnecessary travel.
By leveraging SynerComm’s full team of highly qualified IT and logistics staff, you don’t need to redeploy valuable, internal IT staff to handle “rinse and repeat” style deployments. This means that your internal IT professionals can continue to focus on higher‐impact projects and activities designed to grow and safeguard your business.
ImplementIT combines the indispensable technical knowledge of qualified IT professionals with the critical skills required to smoothly and seamlessly handle large‐scale, complex deployments, allowing you and your team to focus on what matters most: your business.
For more information about ImplementIT, or to get started on your next large‐scale deployment, please contact us today.
SynerComm's business approach has served us well over the years, allowing us to create custom, value‐added solutions delivered with world‐class service. This commitment to excellence has helped us create long‐lasting customer relationships built on a solid foundation of trust.
Our valuable experience is both deep and broad. We have extensive experience with IT infrastructure, security, operations, management, and logistics, allowing us to serve our customers' entire spectrum of IT lifecycle needs.
Our customers know they can count on us for sound advice and concrete, value‐added solutions. They have come to expect consistently careful, time‐appropriate approaches to each project that allow them to maximize their chances of success regardless of project size or complexity. From large, complicated projects with many moving parts to small but vital support activities, our customers know that we are there for them every step of the way.
Our team has worked hard to cultivate this culture, and it has benefited us in many ways, driving us to earn the status of trusted advisor to every customer with whom we are lucky enough to partner. Our team continues to be grateful to our customers, who allow us to grow through their continued business as well as sincere, unsolicited referrals.
Our team begins every project by listening to our customers carefully and hearing their asks. This listen‐first approach allows us to work with purpose, seeking and confirming our understanding of our customer's challenges by bringing questions and ideas to the table. Our customer interactions are guided by and benefit from the depth and breadth of our knowledge in both the IT infrastructure and logistics spheres. We have extensive experience designing, building, and supporting IT infrastructure and operations for customers in a wide variety of industries and verticals.
Instead of spending our time "selling" ourselves to our customers and prospects, we focus our energies on investing in the right solutions for our customers and letting our excellent work speak for itself.
We apply this same customer‐focused approach to our new ImplementIT service, which allows us to use SynerComm's technology, infrastructure, security, operations, and logistics expertise on our customer's behalf. We create and implement innovative solutions for their unique and challenging problems. We learn as we execute and are always ready to adapt quickly to changing circumstances.
There is no such thing as a one‐size‐fits‐all deployment, which is why we don't offer one‐size‐fits‐all solutions. To create your perfect, custom solution, we adapt our efficient, knowledgeable, experienced approaches to address your project's unique requirements. Our ability to consistently apply our broad and deep expertise when working with our customers to plan, execute, and manage large‐scale deployment projects successfully has allowed SynerComm to become a trusted advisor to our valued customers. Our unique ability to effectively combine our experience, expertise, and detail‐orientated approach to business sets us apart from the competition.
Our ability to combine our extensive IT knowledge with our logistics experience makes SynerComm unique and gives us the tools we need to handle even the most challenging deployment. This expertise, paired with our dedication to white‐glove service, offers an unparalleled customer experience.
Many companies claim to offer "white‐glove service," offering a rigid set of one‐size‐fits‐all processes and procedures that allow them to check off items on a checklist. Our approach is different. We value our customer relationships immensely and think of our customers as part of the team. We are driven by a deep‐seated and pervasive culture that drives us to always do right by each and every customer. White‐glove is more than a checklist; it's a way of conducting business that governs every aspect of our company. Our white‐glove philosophy guides our employee selection, development, and retention processes. It allows us to best leverage our team's critical skills and expertise as well as those of our trusted technology partners.
Our white‐glove philosophy determines how we structure, motivate, and manage our teams, as well as how we advocate on behalf of our customers and maintain high levels of communication. This philosophy is fueled by our passion for freely and transparently sharing our knowledge and expertise.
All of our ImplementIT customers benefit from the same white‐glove approach for which SynerComm is known. Like all the work we do, all ImplementIT projects are built on collaboration and transparency, from development to implementation. We pride ourselves on making sure our ImplementIT customers never have to wonder how their project is progressing. We provide continual updates via real‐time and scheduled interactions, which are supported by a combination of detailed and summarized graphical and tabular reporting. This ensures our customers always know our team is on top of the project's risks and issues. If we do encounter obstacles or challenges, we will actively work to get the project back on track and ensure a successful outcome. We work hard to efficiently handle every task and create affordable value‐added solutions on reasonable timelines by leveraging our company culture built on communication, collaboration, and healthy relationships.
Our extensive and specialized knowledge of IT infrastructure benefits our customers in many ways, including allowing us to optimize schedules and improve our accuracy. SynerComm has a history of developing automation solutions for large projects that dramatically improve the speed, consistency, and accuracy of both testing and validation. Our familiarity with a wide variety of vendors and technologies helps us minimize errors and helps ensure the right equipment has been processed and shipped. This familiarity, along with our attention to detail, is critical because sometimes there are only subtle differences in part numbers between vastly different pieces of equipment.
We also have a great deal of experience shipping and supporting technology all over the world. Our work has allowed us to build up an extensive experience and knowledge base and develop healthy and strategic partnerships with companies worldwide, which we can leverage to best help our customers. A few of our customers already had strong international shipping capabilities before partnering with us and rely on us for validation and confidence. However, most of our customers rarely need to ship equipment internationally, and they can access our wealth of experience whenever international shipping is required.
Our concerted effort to build trusting relationships with our customers and partners has served us well. Here are four scenarios where that trust was integral to getting the job done, maximizing efficiency, minimizing costs, and getting it done right.
One of our customers, a large retail chain, had experienced a multitude of challenges in the past whenever they tried to deploy new technologies in their retail locations and distribution centers. These challenges, including problems with communication and coordination between the head office and retail locations, hardware that arrived in an unusable state, and a variety of lost shipments, had made deployments a headache for this customer. A better approach was needed.
Issues such as these are among the most common reasons deployments experience significant delays and unnecessarily high hardware costs, and they create conflict between the corporate and retail location teams. Frustrated with their current approach and impressed by our previous successes with similar projects, this client decided to approach SynerComm for help.
We were able to model our ImplementIT approach and collaborate closely with the customer, creating a detailed proposal. By listening carefully to the customer's past challenges, we developed specific processes, procedures, and communication plans designed to overcome these challenges and deploy the project smoothly. Given the client's previously poor deployment experiences, we also took additional measures to account for any possible delays or issues; this included purchasing 7% more equipment than was necessary and budgeting twice as much time to complete the project as we usually would.
With our plan in place, SynerComm was able to successfully deploy the new network infrastructure across approximately 2100 retail locations in both North and Central America. The entire deployment took only five months, and no equipment was lost or damaged. Our customer ultimately recovered costs by returning the extra gear they purchased and repurposing staff to other projects. Like all projects, there were challenges. No large project is ever completely free of risks and issues. However, our team remained accountable to the client and shouldered the responsibility of identifying and addressing potential risks and issues so they could be mitigated and minimized.
As a company, we don't believe in finger‐pointing, just solutions. Our professional, white‐glove approach made a measurable difference for this large retailer and has raised their expectations and standards for all future deployment projects.
Building a relationship built on trust takes both time and dedication and isn't always easy. One example of a time it was difficult for us to gain a customer's trust involved working with a large, international manufacturing organization. This organization needed help with a global deployment of an IPS (intrusion prevention system) solution and solicited bids from several companies. Though SynerComm was not one of the initial companies invited to submit a proposal, we had a strong existing relationship with this customer that had developed over time as they leveraged other SynerComm services. Because of our existing relationship, we learned of their need and asked to join the bidding process. Though the customer permitted it, they warned us that they were also considering many long‐standing deployment services partners, so our chance of winning the contract was slim.
While the other companies' bids relied on proposals based solely on what the customer had asked for, we decided to take a different approach. We developed a solution model in a spreadsheet format that allowed for variables to be changed and gave the customer immediate insight into how those changes would impact the project's cost, quality, and schedule. By collaborating within the solution model, our team built a rapport with the customer by showing them, interactively and in real‐time, how they could change potential solution options and deliverables and gain immediate insight into how those changes would affect the project.
The customer was incredibly impressed and immediately saw the value of our approach and process, which allowed them to learn, develop, and evaluate potential alternative approaches to communications, coordination, shipping, tracking, reporting, and managing international technology deployments.
Our unique and insightful approach meant SynerComm went from being a long‐shot to being the front runner and caused the client to rethink their approach to the project. In light of the insight and flexibility that SynerComm demonstrated, our customer asked all of the other bidders to resubmit proposals. The proposals were to be reworked to align with the approach the customer and our team had developed together.
SynerComm ended up winning the contract, but in the end, both SynerComm and the customer were winners. We were able to help the customer save time and money while eliminating most of the fear, uncertainty, and doubt that frequently accompanies large‐scale technology deployments. Because of the innovative, flexible, and responsive solution we brought to the table, SynerComm is now on the shortlist of partners this customer trusts to deliver projects at this scale. Since completing that first ImplementIT engagement, this customer has called upon our team to assist them with a variety of different international deployment and support projects.
Our customers rely on us for more than just IT solutions; many also consider us trusted advisors. Knowing we have their best interests at heart, many customers seek our advice on logistics and IT. Our assistance helps customers assess potential improvements to their approach and handling of projects and tasks.
One customer had traditionally purchased all equipment for each project in the country where the solution was to be deployed. While this strategy's goal was to offset the perceived expense of international shipping, tariffs, and related costs, this approach caused expensive inconsistencies, necessitated reorders, and created a need for multiple site visits by IT resources. With help from SynerComm, this customer now purchases all of their equipment from American manufacturers, relying on our experienced team for staging, validation, and coordination of field deployments. This new approach has reduced the customer's costs and allowed them to benefit from deterministic outcomes.
Another customer operates, administers, and maintains equipment in hundreds of field offices across the United States. Historically, this customer received all field office equipment upgrades at their headquarters. A team of IT professionals then managed the configuration, staging, testing, storing, and shipping process on a project‐by‐project basis. This process caused a variety of inconsistencies and problems with communication, inventory management, and field rework. To help streamline their deployments, this company now relies on SynerComm to manage and maintain all of their inventory, staging, and shipping processes so that they can focus their attention on value‐adding communication and coordination activities between their headquarters and field offices.
Both logistics and IT can be challenging, and having the right partner can mean the difference between a smooth, successful deployment and a deployment riddled with problems and delays. No matter how large or small your deployment is, you need to know that you can trust your logistics and IT partner to provide you with tailored solutions, sound advice, and trustworthy white‐glove service. For more information about how ImplementIT can make your next deployment stress‐free, or to get started on your next project, please visit our page.
The COVID-19 event, obviously, has had a wide-reaching negative impact on the entire country. Despite this, even in the face of the trauma linked to the loss of loved ones, we will eventually prevail and see the other side of this event. When that happens, a return to more normalized business operations will closely follow (if not already underway). There is a unique, somewhat limited, opportunity to position your organization for a far better response to this kind of event in the future. The primary method to achieve this is through an investigative effort, or what is more commonly referred to as a “lessons learned” exercise. In this case, the focus will be on the organization’s continuity planning, or contingency planning, approach and execution.
One way of viewing this exercise is from the phrase “Those who do not learn from history are condemned to repeat it.” Essentially, when mistakes happen, learn from them or you’ll be likely to encounter the same failures. The approach of a “lessons learned” exercise is a method of continuous improvement that is based on a singular event (COVID-19) or similarly related events. The entire goal should be to find areas where business unit operations or actions had difficulty or issues with the event under review. Generally speaking, a “lessons learned” exercise should be applied to all projects and, where it makes sense, to any smaller efforts made by an individual or handful of staff. This goes to its general principle of increasing efficiency and effectiveness in similar future events.
For guidance, here are some suggested steps for carrying out a “lessons learned” exercise:
As with most things that address improvement, the first step is to set aside dedicated time to organize and focus on the effort. This will involve identifying the staff and lead manager that will be needed for the team that tackles this important undertaking. The staff will need to dedicate time to focus on the task at hand – this may not be very easy, depending on how recovery efforts are running. A notable challenge can be the need for accurate recall, in the absence of on-going issue tracking during the event. Regarding how much time to dedicate, have as many sessions as needed, but be aware of scope creep. A good method to guard against scope creep is for the team to set specific goals at the outset of the exercise. If other more significant issues arise, it may be best to have a separate investigation, so that proper focus and resources can be dedicated to each. A primary goal at this first stage should be the understanding that these meetings are to be kept (take attendance if needed) to get things kicked off and so the team can leverage the time-frame where staff still can readily recall details of their issues. Hopefully, some of the issues were already being noted during the crisis. If not already part of your contingency procedures, consider adding an “active event issues” list, as well as coordinating that data via check-ins with higher management. For the lessons learned, gather that information and data. The entire organization should understand that this exercise is underway and should provide any assistance needed to help the company be more successful in the future.
Once meetings have been established and are running, the effort will involve information gathering, where feedback should be openly asked for. Consider soliciting information from the entire organization, if appropriate and acceptable. In general, be sure to capture the following:
Once the information has been gathered, it will need to be organized, condensed and reviewed for actionable issues. The staff to conduct those reviews should follow the business unit structure, where finance issues are reviewed by the finance department, technology issues reviewed by the Information Technology department, and so on. The information learned from these issue reviews must be captured in documentation and then collected for the group and team lead to review. Therefore, there is a need for a recognized keeper of documentation, including meeting minutes. All those on the team will coordinate with the records keeper to ensure full and accurate data is maintained on the issues being addressed. The minutes are generally distributed to the team for review and coordination of efforts on any “asks” from those meetings.
After there is confidence from the team that pertinent issues have been identified, start the hunt for solutions. Some problems will be easier than others and don’t forget to leverage the organization for ideas on how to address those problems. In the case of COVID-19, everyone has been impacted and likely will have some general idea as to what potential solutions could address the myriad of identified issues or gaps. Take those ideas and formulate a plan to address the issue and review solutions to ensure that they will indeed address the problem identified. A recognized method for implementing a fix is the Plan of Action and Milestones (POAM), which can be found in great detail within the National Institute of Standards and Technology (NIST) publications. After that, take corrective action following the POAM to resolve the gaps, adjusting as needed along the way.
Finally, keep an archive of the lessons learned activities for review and tracking. At the end of the exercise, it will be apparent that focused effort was expended to obtain results and the successful methods used should be repeated. Conducting this exercise will bring forward skill sets that can be re-engaged to address problems that trouble the organization elsewhere. As a last step, if not already part of the overall exercise, a summary report should be assembled to show the results from the team’s efforts. Send the report up the management tree for review, including executive management. Given the scope and impact of this event, and in order to prevent history from repeating itself, this should be a report of interest.
We will next look at the outline for a pandemic response and what should be considered for contingency planning, in the event that COVID-19, or something similar, comes knocking again.
“So, let’s say we fix all of the vulnerabilities that the pentest discovers… How do we know tomorrow that we’re not vulnerable to something new?” ~Customer
Having been part of the penetration testing industry for over 15 years, I’ve been challenged by many clients with this very question. The fact is that they are right: a penetration test is a point-in-time assessment, and new vulnerabilities are discovered every day. We hope that our patch and vulnerability management processes, along with our defensive controls (firewalls, etc.), keep our systems secure. Over the past 5 years, we’ve experienced a rise in the number of clients moving towards quarterly penetration testing and seeing the value of rotating through different penetration testers.
In 2017, SynerComm’s penetration testers decided to put their heads together to develop an even better solution. (Honestly, one of our top guys had been nudging me for two years with an idea already…) We agreed that nothing replaces the need for regular human-led penetration testing. As of today, no amount of automation or AI can come close to replicating the intuition and capabilities of an actual penetration tester. That said, if we can be confident that nothing (ok, very little) has changed since the last penetration test, we can be significantly more confident that new vulnerabilities are not present. Building on this idea, the continuous pentest was born.
Continuous pentesting combines the best of both worlds by using automation to continually monitor for changes, and human pentesters to react to those changes quickly. Computers are great at monitoring IP addresses, services, websites, and DNS. They can also monitor breaches and data dumps for names, email addresses, and passwords. What makes continuous pentesting successful is taking actions based on changes and using orchestration to determine if additional scans can be run and if a pentester should be alerted.
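The monitor, diff and triage loop described above can be sketched as follows. This is an added example, not SynerComm's tooling: the two perimeter snapshots are constructed sample data on reserved example.com names, and the triage policy (which changes trigger a rescan and which alert a pentester) is an assumption for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed snapshots of an organization's own perimeter (reserved
# example.com names and documentation-range addresses, not real hosts).
BASELINE = {
    "services": {("www.example.com", 443): "nginx 1.24",
                 ("mail.example.com", 25): "postfix",
                 ("vpn.example.com", 443): "vpn-gateway 9.1"},
    "dns": {"www.example.com": "192.0.2.10", "mail.example.com": "192.0.2.20",
            "vpn.example.com": "192.0.2.30"},
}
LATEST = {
    "services": {("www.example.com", 443): "nginx 1.26",    # banner changed
                 ("mail.example.com", 25): "postfix",
                 ("vpn.example.com", 443): "vpn-gateway 9.1",
                 ("dev.example.com", 8080): "jenkins"},     # new exposure
    "dns": {"www.example.com": "192.0.2.10",
            "mail.example.com": "198.51.100.7",             # repointed
            "vpn.example.com": "192.0.2.30",
            "dev.example.com": "192.0.2.44"},               # new record
}

@dataclass(frozen=True)
class Change:
    kind: str                 # "<new|removed|changed>_<service|dns>"
    target: str
    before: Optional[str]
    after: Optional[str]

def diff_map(old, new, label):
    """Return a Change for every key added, removed or altered."""
    changes = []
    for key in sorted(set(old) | set(new), key=str):
        before, after = old.get(key), new.get(key)
        if before == after:
            continue
        kind = "new" if before is None else "removed" if after is None else "changed"
        target = key if isinstance(key, str) else f"{key[0]}:{key[1]}"
        changes.append(Change(f"{kind}_{label}", target, before, after))
    return changes

def diff_snapshots(old, new):
    return (diff_map(old["services"], new["services"], "service")
            + diff_map(old["dns"], new["dns"], "dns"))

# Assumed triage policy: new exposure and repointed DNS go to a human;
# a changed banner only triggers an automated rescan.
ALERT_KINDS = {"new_service", "new_dns", "changed_dns"}
RESCAN_KINDS = ALERT_KINDS | {"changed_service"}

def triage(changes):
    """Return (targets to rescan, changes that should alert a pentester)."""
    rescan = sorted({c.target for c in changes if c.kind in RESCAN_KINDS})
    alerts = [c for c in changes if c.kind in ALERT_KINDS]
    return rescan, alerts

if __name__ == "__main__":
    print(triage(diff_snapshots(BASELINE, LATEST)))
```

An unchanged perimeter produces an empty change list, which is the condition the preceding paragraphs rely on for confidence between human-led tests.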
There is no replacement for the validation provided by a thorough, skilled, and human-led penetration test. External and internal pentests with social engineering demonstrate precisely how a determined and skilled intruder could breach your company’s systems and data. Continuous Penetration Testing focuses on public systems and online exposures and should always follow a full, human-led, external penetration test. Partner with SynerComm and we’ll keep an eye on your perimeter security year-round.
When I asked my peers to review this post, here is a summary of the message that came back: Too “salesy,” Marc. As I read through the draft again, I think they may be right. I do share how SynerComm helps companies who are facing the challenge of being short-staffed in IT. As I talk with my friends and colleagues in every industry, I believe that most companies today, from the largest to the smallest, experience that challenge. We at SynerComm help companies successfully overcome that challenge every day, and so I suppose I suffer from the old adage: “to a hammer, everything looks like a nail.”
While SynerComm heavily invests in facilitating the free exchange of information (e.g. this blog site, annual IT Summit events, free best practice and strategy analyses), sometimes you just need skilled, innovative expertise to solve nagging problems or to just get the job done. If that is not you right now, I invite you to join us at our many information-exchange events, and be sure to save the date for our next IT Summit on September 16 and 17, 2020... oh, and you should probably stop reading now too. If, on the other hand, you would like to read about how other companies are overcoming their staffing challenges, please read on.
Many organizations are struggling to plan, build, implement, and support wide-scale remote access in support of social distancing and isolation. These projects are urgent and vital, but they are not your only projects planned or in flight. You are still researching new and more efficient business solutions, developing new revenue-generating applications, and building out more revenue-supporting capacity. On top of that, you are continuously and simultaneously operating, administering, maintaining, supporting, and securing everything that is already in production!
Before the current reality of rapidly implementing solutions that support “social distancing” and “self-isolation,” IT organizations were overloaded; do we stand a chance today? Failure is not an option, and we can all use some help now and then; many organizations need help right now! SynerComm has a long history of partnering with customers to overcome these challenges. Unlike traditional Staff Augmentation, where you get one person, full-time, for some number of months, SynerComm offers a refreshing alternative: FlexIT.
With FlexIT, you get a pool of hours from SynerComm that provides primary highly qualified, full-time resources who are backed up and augmented by secondary highly skilled resources as needed. FlexIT ensures that your projects and support demands are met, even in the face of PTO, unexpected illnesses, and demand bursts. When the project completes, or the need for support subsides, the “flex” in FlexIT kicks in again: you terminate the engagement when the time is right for you. When and if you need more help, SynerComm will be there for you.
Our customers leverage FlexIT to build out network and security infrastructure (on-premises and in the cloud, complex and simple, large and small). They use FlexIT to implement and validate security controls, including SIEM, Endpoint Detection & Response, Secure Anywhere Access, and Identity & Access Management. SynerComm’s customers benefit from FlexIT to build information security programs and validate the effectiveness of deployed controls. Perhaps most importantly, our customers have relied on FlexIT to ensure Continuity of Operations when faced with the short or long-term loss of critical staff.
Let’s face it, the fact is that you do not always need a full complement of IT solutions and security architects, consultants, and engineers. However, occasionally everyone needs a little help. When those needs arise, when failure is not an option, call SynerComm. We can match you up with the right FlexIT team from among our diverse and experienced technology and security experts, and for exactly as long as you need. SynerComm can also assist you with flexible, part-time ongoing administration and maintenance support, and even with finding full-time employees. We love being part of the solution for our customers, turning seemingly insurmountable problems into wild successes!
As the business world reacts to the current health crisis, companies are offering remote access to any role that can work from home. Taking a cue from the changing environment, cyber-criminals are already taking advantage. Already (03/15/2020) the US Health and Human Services Department suffered a cyber-attack with the intention of distributing false information.
Here are some recommendations on continuing to practice good information security hygiene as more of the access moves outside of the physical office.
The need to immediately increase remote access capabilities is here, much sooner than a lot of companies were prepared for. But just as it is not prudent to take shortcuts to meet a deadline from your boss, now is not the time to sacrifice security for expedience or convenience. We have already seen examples of people sharing links to private company meetings via social media sites, virtually opening the meeting to anyone who happens upon the link. It is essential that users who now have new methods of access understand and protect that access. The bad guys are actively looking to prey upon those who are unprepared.
We all know the stats of the Coronavirus, although they are changing by the minute. We know what to do personally and for our families, but what about for our company?
Many customers do have Business Continuity Plans or Enterprise Risk Management plans, but do they include plans for a pandemic such as this?
A few things to consider:
Just a few things to think about for your best practice preparedness plans.