Security Breach Scenario: Professional Services Firm

Cybersecurity Terms to Know Padlock

Security Breach at a Professional Services Firm

In the professional services world, a 25-person business consulting firm in our portfolio might not seem like an obvious target for cyber attackers. With a culture of trust and a belief in the relative security of being “too small to be a target,” they only had basic security measures in place. This included antivirus software, a corporate-grade firewall, and air-gapped server backups.

Their perceived immunity to cyber threats was shattered when user clicked a malicious link and downloaded an attachment. A few days later, the entire network was encrypted. Their operations were disrupted, and days of work were lost. Luckily, thanks to the air-gapped backups, we were able to restore the servers within half a day. Additionally, we rebuilt each workstation from scratch, and with a dedicated team, had them up and running by the end of the day.

This cyber attack was a wake-up call and marked the turning point in the firm’s approach to cybersecurity. They understood that being “too small” does not mean being safe. On the contrary, small businesses can be appealing targets precisely because their security measures often aren’t as robust as those of larger corporations.

This incident led to a radical overhaul of the firm’s security posture. We introduced them to our “Onset Red” classification — a structured, thorough set of security practices inspired by the NIST 800-171 guidelines but tailored for our clients. We deployed a modified set of Group Policy Objects (GPOs) based on those provided by the DoD Cyber Exchange and implemented other key aspects of NIST 800-171. Additionally, we addressed other potential attack vectors and disaster scenarios, implementing strategies to mitigate these risks and plans to recover if they materialized.

There were initial apprehensions about the cost and perceived impact on workflow. But experiencing a ransomware attack that brought down the entire company rapidly changed their opinions. The firm came to understand that investing in robust cybersecurity measures is far less costly than recovering from a successful attack.

The benefits of the transition to “Onset Red” were immediate and significant. Since its implementation, the firm has not experienced any major security incidents, and the number of support calls we receive from them has decreased significantly. Moreover, the firm’s enhanced security credentials are likely to increase trust and confidence among their clients, underscoring their commitment to protecting sensitive data.

This case study serves as a stark reminder that cybersecurity is not a luxury but a necessity for businesses of all sizes. It also highlights the value of proactive measures and the role managed IT services can play in ensuring businesses are well-protected against evolving cyber threats. In the world of IT, being “too small” is never a reason to compromise on security.

Concerned about cybersecurity threats?

Contact us to see how we can help fortify your defenses.

Share the Post:

Related Posts

Person handing over a cup of coffee
General Interest

From Business Challenges to Proactive IT Solutions

It was a crisp morning, the kind where every breath feels rejuvenating. The local coffee shop, its …

READ MORE
Warning sign that says crisis just ahead
Cybersecurity

Are You Ready for the Unexpected?

In our highly connected world, IT disasters can strike without even a moment’s notice. Whether through a …

READ MORE
Man and woman - Denver IT support on computer
Fundamentals

How to Choose the Right Denver IT Support: 7 Critical Questions to Ask

Finding the right IT support in Denver can be an overwhelming task. Asking the right questions can simplify the process and lead to a solution that best fits your needs.

READ MORE
Strategy in IT for Small Business
Small Business

Leveraging IT for Small Business Growth

Discover the power of strategic IT in scaling your small business. Align your tech infrastructure with business objectives for growth.

READ MORE
Cybersecurity Terms to Know Padlock
Cybersecurity

Exploring 10 Essential Cybersecurity Terms to Know

Cybersecurity awareness is crucial in today’s digital climate. Make sure you know the basics with cybersecurity terms to know.

READ MORE
Frustrated woman showing it is time for a new managed service provider
Fundamentals

8 Clear Signs It’s Time for a New Managed Service Provider

Experiencing slow response times or hidden fees from your MSP? It is time to find a better fit for your business.

READ MORE
People in hard hats looking at a computer
Construction

Navigating IT Challenges in the Construction Industry

From mobile work environments to data security, learn how to navigate IT challenges in the construction sector.

READ MORE
Picture of people in a meeting with laptops
Financial Services

Financial Services Firms: An In-Depth Problem-Solution Approach

In the dynamic and complex world of financial services, technology isn’t just an operational aspect—it’s an enabler …

READ MORE
Skip to content