Well, that was Awkward.

Blog

Finding Risks others may Miss

It wasn’t the call we wanted to make to a new enterprise client on a holiday weekend. After all, they had an Information Security Department larger than our entire company. The CISO had an alphabet of certifications following his name. They had more than 50 different security tools. But there it was, plain as day. Bad guys are sending data to Russia from their production network. This can’t be good. Gulp. Here goes. Ring. Ring.

The Issue

“Bad guys are sending data to Russia from their production network.”

The first call we made to our technical contact a few days earlier fell on deaf ears. Our team had seen evidence of a remote access tool (TeamViewer) running in their network. They told us we had to be mistaken because that wasn’t allowed by policy. Well, here’s a packet capture of the traffic, we said. Nothing came back from the client. We tried several times. Each day the activity was getting louder. The same internal IP address and host were involved somewhere in the corporate office. The client had top-of-the-line Endpoint Detection and Response (EDR) tools deployed, an expensive Security Information and Event Management (SIEM) platform, and state-of-the-art firewalls, along with a fleet of guys from one of the big advisory firms watching and monitoring everything. Why couldn’t they see it? What was this anomaly inside the client’s otherwise relatively clean production network?

We came in to provide a Proof of Concept (POC) of services using our PacketWatch full-packet capture platform. The POC was a joint project between the Information Security Team and the Network Department. Information Security wanted better visibility on the network, and the Network guys needed a tool to help diagnose application performance and configuration problems. A perfect fit for us to join the team and show them what we could do. We had the CIO and the CISO in the room together. We were on our best behavior. Our devices were installed only a week prior, but we already had tons of data collected. What was going to happen to the POC now, though?

We called in again. No answer. Shoot. Got his voicemail again. We left an urgent message and called everyone else we had met. “Please call back. This is urgent! We have exfil activity originating from the host we identified earlier. It’s also beginning to scan that network segment.” Danger. Danger. It was our best effort to ring the fire bell, but we were just the new guys. About an hour later, our senior project lead received a call from the client’s technical contact. It seems they had just declared an incident and enacted their Incident Response (IR) protocols. He couldn’t talk but would share the details later. Yes, we had seen something! Something big.

A few hours later, the contact told us that the offending device we had seen was a self-service Human Resources (HR) kiosk from a new vendor which had been installed in the corporate cafeteria. It was there to capture employees’ enrollment data for an employee benefits campaign. The device had been installed on the wrong network segment in a rush to get it operational. Since it wasn’t a company device, no EDR was installed. The vendor’s third-party IT company managed the kiosk remotely (using TeamViewer). Unfortunately, the vendor’s IT company had experienced a breach the week prior. The bad guys used the open TeamViewer connection to access the kiosk. Using the kiosk’s network connection, they were now performing active reconnaissance on our client’s production network. They were also actively exfilling the employee data captured by the kiosk. What a mess. The lawyers will surely get rich on this one. Internal Audit will also document the “multiple cascading control failures stemming from a supply chain partner breach.” Ouch. And our contact admitted, “Yes, you had seen it first!”

Although that initial assignment was not exactly what we expected, it allowed us to show the strength of the PacketWatch platform in providing visibility to the network and the benefit of having a different vantage point from their library of other tools. It also showcased the ability of our team to see what others miss. We earned our spot on the team on that occasion. A relationship we treasure to this day.

A Change in Perspective

PacketWatch can help you get a better perspective on your organization’s cybersecurity risks, too. An Enterprise Security Assessment using the PacketWatch platform will tell you more about what’s hiding in your network – especially things from your vendors. Our team of experts is here to help, and we’d enjoy the opportunity to earn a spot on your team. However, if possible, we’d prefer something a bit less dramatic to get started.

Give us a call at 1-800-864-4667, or reach out via our Contact Us form.

N.B. The names were changed, and certain facts were modified, in an effort to preserve our client’s confidentiality yet share the story.
The Truth About Cyber Insurance

Blog | Event

Join Chuck Matthews as he moderates the Arizona Technology Council July Virtual Tech Speaker Series event “The Truth About Cyber Security”. Chuck will be joined by industry experts to discuss the issues businesses should consider when approaching the proper use of cyber insurance. They will discuss the regulatory reforms that would make cyber insurance a better tool for risk transfer. Participants will gain better situational awareness regarding cyber insurance practices during this open discussion.

Panel Members:

  • Anthony Dagostino, CEO & Founder, Converge Insurance
  • Chris Branch, Chairman, ATS Underwriting
  • Wes Gates, CIO, Arizona School Risk Retention Trust
  • Tracy Foss, Senior Program Director, Risk Program Administrators

Who Should Attend:

  • Business Owners
  • Executive Management
  • Risk Managers
  • Legal Counsel
  • CIO
  • CISO

Live Broadcast:
Tuesday July 12, 2022
3:30PM – 5:00PM PT

Register:
https://www.aztechcouncil.org/event/july_tech_speaker_series/

“Cyber insurance take-up rates are increasing but Insurers’ losses are reaching unsustainable levels. Loss mitigations being implemented by Insurers to stem those losses, combined with non-standard policy terms, are leaving many to question the proper role of cyber insurance policies.”

Key Takeaways:
  • Why are cyber insurance premiums rising so rapidly and coverage decreasing at the same time?
  • What happens if I file a claim? What are the “gotcha’s”?
  • How can I more effectively use my cyber insurance?
  • What regulatory and industry changes are being discussed and how will they impact me?
About The Arizona Technology Council
The Arizona Technology Council is Arizona’s premier trade association for science and technology companies. Recognized as having a diverse professional business community, Council members work towards furthering the advancement of technology in Arizona through leadership, education, legislation and social action. The Council offers numerous events, educational forums and business conferences that bring together leaders, visionaries and community members to make an impact on the technology industry. These interactions contribute to the Council’s culture of growing member businesses and transforming technology in Arizona. To become a member or to learn more about the Arizona Technology Council, please visit www.aztechcouncil.org.

SEC Rulemaking Necessitates Updating Incident Response Plans

Blog | News

As part of a recently announced strategic relationship, HKA and PacketWatch released a co-authored article on the impact of proposed Securities and Exchange Commission’s (SEC) cybersecurity rulings. The rulings have entered the final stages of their Comment Period and will soon be released in their final form.

Written by HKA’s Michael Corcione, Partner, and Chuck Matthews, CEO, PacketWatch, the article highlights:

  • The Proposed Rules
  • The Impact on Incident Response Programs

The proposed SEC rulemaking will significantly influence cybersecurity risk management, governance, board oversight, and compliance programs. This action also signals a change in regulatory tenor and elevates cybersecurity to a new level of accountability and transparency.

The article is available on the HKA Website under News and Insights.

“We estimate that registrants will be dealing with hundreds of hours in modifying processes and hundreds of hours more for each incident.”

Michael and Chuck provide their expert insight into actions your organization should take following the SEC’s recent proposed rule on cybersecurity incident disclosures.

About HKA
HKA is the world’s leading consultancy of choice for multi-disciplinary expert and specialist services in risk mitigation, dispute resolution and litigation support.

HKA’s Cybersecurity and Privacy Risk Management practice is one of five risk mitigation related services lines, focusing on governance, risk and compliance, third-party and vendor risk management, incident response, training and cryptoasset operations advisory.

HKA has in excess of 1,000 consultants, experts and advisors in more than 40 offices across 18 countries. For more information about HKA, visit www.hka.com and connect with us on LinkedIn, Twitter (@HKAGlobal) and Facebook.

HKA and PacketWatch expand collaboration to provide immediate cybersecurity incident response services

Blog | News

NEW YORK, June 21, 2022 /PRNewswire/ — HKA and PacketWatch announce plans to expand their strategic collaboration to provide quick reaction incident response and crisis management capabilities to global businesses impacted by a security incident including data breaches, email compromises, business disruption, or other cyber-related attacks.

Michael Corcione, Partner, Global Cybersecurity & Privacy Risk Management Lead at HKA, commented, “I am excited to expand our relationship with PacketWatch and offer an expert team of incident response and investigations professionals to our clients. Supporting organizations throughout an incident, from detection, investigation, and post-incident response analysis is a critical service.”

For over a year, both firms have been working together on incident investigations. PacketWatch and HKA have successfully collaborated on many complex cyber-related incidents working closely with clients and their legal counsel, across a multitude of industries such as manufacturing, financial services, government organizations, irrigation, information technology and many more. This advanced collaboration will further allow HKA and PacketWatch to offer complementary and enhanced services to HKA’s global client base, spanning many industries.

Christopher Krueger, Vice President, PacketWatch, said, “Cyber-attacks are becoming increasingly sophisticated. Our partnership with HKA brings clients the expertise, scale, and professionalism necessary to rapidly address these threats on a global basis. Our combined expertise bolsters the capabilities brought to bear on incidents and helps reduce future risks.”

About HKA
HKA is the world’s leading consultancy of choice for multi-disciplinary expert and specialist services in risk mitigation, dispute resolution and litigation support.

HKA’s Cybersecurity and Privacy Risk Management practice is one of five risk mitigation related services lines, focusing on governance, risk and compliance, third-party and vendor risk management, incident response, training and cryptoasset operations advisory.

HKA has in excess of 1,000 consultants, experts and advisors in more than 40 offices across 18 countries. For more information about HKA, visit www.hka.com and connect with us on LinkedIn, Twitter (@HKAGlobal) and Facebook.

About PacketWatch
PacketWatch is a boutique provider of cybersecurity services with in-depth expertise in complex incident response, digital forensics, managed detection & response (MDR), and active cybersecurity services for mid-sized and enterprise organizations. Our responsive expertise allows us to quickly engage with our clients – rapidly identifying, containing, and eradicating threats in their environment.

For more information about PacketWatch, visit packetwatch.com and connect with them on LinkedIn and Twitter (@packetwatch).
