The Breach – Part 1
I’m not sure how many cyber security professionals have been on the receiving end of a data breach and had to navigate their way through it. But, part of my passion for this industry was born in my experience. I was a typical IT Manager, supporting a companies software and infrastructure. They had a few on-site IT professionals, and some outsourced partners, and were focused on growing revenue, operational efficiencies, and doing more with less. The Company had what I’d consider typical security tools in place. A firewall with IP blocking and blacklisting, a modern AV/Anti-Malware agent, email security tools, etc.
One typical day, I’m at a lunch meeting with the CEO at Panera. I got a call from my IT Manager since I was at lunch with the CEO. I wanted to stay focused on our conversation, so I ignored the call. Immediately following I got an SOS text to call her ASAP. This was not like her, so I knew something needed to be addressed, so I excused myself from the CEO and stepped outside to call her back. I could sense a little panic in her voice, so I immediately asked her “What’s wrong?”. She tells me that they received a call from the FBI, stating that an agent would be on-site the next morning to discuss a cyber security incident and that IT leadership and any 3rd party related to infrastructure should be present. I paused, and being somewhat skeptical, I said, call the FBI office and verify the information provided (thinking it was a scam call). She said, I already did, and it’s real. After returning the table, the CEO asked me “What’s wrong?”, I relayed the information, and his first question was “Is this something that could put the company out of business?”, to which I replied, “I don’t know yet”. This was the beginning of a very long and hectic three months.
True to their word, the FBI showed up the next morning, and we had all the necessary players around the table to ask questions and determine the scope of the situation. Before we could open our mouths the FBI proceeds to tell us that he’s not even a cyber crime agent, he’s a kidnapping/ransom agent. That he doesn’t know anything about cyber crime, and his job is to read us the information about the incident. So, he begins and reads a document that says the FBI had been monitoring some bad actors in eastern Europe and that our Company was 1 of 30 companies transmitting data to foreign IP addresses. After reading the statement, he gave us the specifics of which IP addresses were in scope. We start asking questions, to which he simply says “My job was to inform you of this activity, if you need more specifics, here is a card of a cyber crime agent that might help you”. We shake hands, the meeting is over.
About the Author:
This blog was written by John Hensberger, Managing Partner of Black Bottle IT. Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014. Connect with John here.