
The Tale of the Invisible Intruder

Levi Golden


In a typical horror film, the victim goes about their normal day, blissfully unaware of a sinister character lurking in the shadows, ready to pounce.
Too scared to read on but want us to check under the bed for you? Request a complimentary scan here.

Terror in Tech

We’re sharing a real-life cautionary tale of a business development professional at a mid-sized law firm in New York City who experienced the dark side of tech-savvy bad actors. For the purposes of this story, we’ll call this busy and dedicated employee ‘Barbara’. Anyone watching the story unfold would repeatedly mutter ‘Don’t go in there!’ as Barbara unknowingly entered a trap laid by a real-life bad actor. Luckily for Barbara and her firm, someone else was watching…

A law firm’s marketing department focuses on generating new business, which makes it well positioned to cause a business-devastating expense. For all intents and purposes, its members are constantly attempting to connect with ‘strangers’ in the quest for new leads. Kraft Kennedy Chief Information Security Officer (CISO) John Kogan advises, “Humans are the weakest link in any security program, you need to make those users human firewalls.” A rigorous Security Awareness Program can help users recognize ‘red flags’: common scams with egregious spelling and obviously spoofed sender addresses. But the bad actors in this story were a new breed of sophisticated intruders, and the malicious link planted in a Request for Proposal (RFP) from the fictional ‘Jones & Barrie’ was enough to catch even a diligent user like Barbara off guard.

Nothing looked suspicious in the new client email; even the firm name was intentionally made to sound familiar. Barbara was pleased to receive the inquiry, but her enthusiasm was soon replaced with panic. Her laptop screen suddenly flashed an animation of a pig squealing and rolling around, and large captions taunting “YOU’VE BEEN PORKROLLED” danced around the screen. She fumbled to quickly close the tab, knowing in the pit of her stomach she had been infected.

Real life nightmare

Here’s where this story can become a true nightmare. In Barbara’s situation, an all-too-common response is to sweep the incident under the rug and hope there are no repercussions. As the trusted IT partner to hundreds of organizations, the Kraft Kennedy team completely understands this reaction. Often it’s driven by the individual’s fear of being blamed for a cyberattack, or by a ‘let’s wait and see what happens’ attitude that avoids causing more work for an already burdened internal IT person. In many cases, organizations just don’t have a place to direct these inquiries: even if the victim of the cyber incident wants to do the right thing, they don’t have experts to turn to. This lack of immediate remediation only adds to the damage of a cyber intrusion. To make matters even worse, the longer a breach goes undetected, the more devastating the impact can be. According to a 2022 Blumira and IBM report, “The average breach lifecycle takes 287 days, with organizations taking 212 days to initially detect a breach and 75 days to contain it.”

Confronting the attackers

Fortunately for Barbara’s firm, the Security Operations Center (SOC) at Kraft Kennedy has tools that monitor for unusual activity 24/7/365, and they alerted the team. The team immediately reached out to Barbara to confirm what they had detected: she had indeed been attacked by an invisible intruder! The demands for payment to release the locked data were swiftly declined by the security professionals from Kraft Kennedy. They quickly removed the malware and reimaged Barbara’s machine without further incident.

What are the bad guys after?

Cyber invasions are almost always financially motivated crimes. Encrypted data is held hostage until a ransom is paid. Ironically, this has become the best-case scenario with the emergence of a new wave of invasions in which intruders capture the data and, instead of withholding the private files, threaten to publish them. In the law firm world, with its private client data, this becomes a business-devastating nightmare.

The complexity of a cyber intrusion in today’s technology infrastructure requires skillsets beyond those of an IT generalist. Dedicated expert focus is necessary to ensure all traces are swiftly removed from the network. In the absence of a security operations center to manage the emergency, all other IT requests take a backseat when a cyber incident occurs.

The halting of all operations firmwide, unretrievable work product held hostage on an encrypted file server for days or even months, or, worse still, published client data are not scenarios that organizations consider when investing in IT operations, but they should be. In 2023, IBM reported $4.45 million as the average cost of a ransomware attack in the US.

Three key takeaways
  1. The importance of ongoing security awareness training. Well informed users are your first line of defense. 
  2. The benefit of an expert team of security professionals ready for immediate remediation. Having the team in place to address issues drastically increases your chances of remaining unscathed when your firm is the target of a cyber incident.
  3. The time to plan for a response to a cyber incident is before, not during, an attack. Crisis mode, when each minute is costing your business countless dollars, is not the time to engage the partners you need in place to remediate a cybersecurity event.

Tackling the latest security requirements is a significant and constant effort. For organizations looking for a quick start, consider putting a protection plan in place as an immediate security measure. If you are in need of assistance, please contact us.

Let us remove the skeletons from your closet…