Netgain Ransomware

Join the ranks of Cyberattack Victims

These organizations all share a common unfortunate trait: All have been victims of cyberattacks. Late last year, Netgain fell prey to a ransomware criminal attack.

It is clear that the threat to our environment was contained in December and eliminated. Netgain also restored services to its affected clients. Our cybersecurity experts are monitoring the data for signs of misuse. No such indicators have been detected to date.

As the long list of victims of cyberattacks makes it clear, no company or government agency is immune from them. Cyberattacks remain a growing threat for every organization.

A stronger security posture

However, it is both humiliating and motivating to be the victim of such an attack. The effectiveness of our multi-platform, comprehensive backup strategy was proven effective in battle. We also identified additional ways to improve our security posture. This is a continuous journey that includes an ongoing commitment to keep this top-of-mind.

We have been implementing a variety of security enhancements as part of our incident response and have continued to work on a multi-pronged approach. We have updated policies and enforced procedures and deployed new tools. Additionally, we implemented a 24/7 managed detection and response service that allows proactive threat monitoring.

A Deeper Look into Security

We have gained significant insight and strength from navigating an attack like this, having both internal as external expertise. Given the increasing threat level, we would like to play a small role in spreading cybersecurity awareness and education.

We’ll be publishing blog posts over the next few weeks to inform, educate and caution our readers about key considerations and best practice to remember.

We will structure the discussion with a layered security system that we developed for our security roadmap. This includes:

  • Perimeter Security
  • Network Security
  • Endpoint Security
  • Application Security
  • Data Security
  • Policy Management & Enforcement
  • Monitoring and Response

We’ll discuss the purpose of each layer and highlight its highlights:

  • Organizations can make common security errors
  • The minimum security measures that every organization should adopt
  • Security best practices that companies should consider
Cybersecurity Layered Framework

Some of our recommendations may be familiar. Who hasn’t heard about multi-factor authentication? It is important to be familiar with these concepts, but not less. (According to at least one survey, 78% of Microsoft 365 administrators do not have multi-factor authentication activated)

We will also discuss security mindsets and philosophies – zero-trust and least-privilege, for example – and what steps you can take in order to improve security within your organization, regardless of who manages your IT infrastructure.

Security is a shared responsibility

For too long, managed service providers and technology partners (including us) have taken the stance of shielding our clients from the headaches, intricacies, and complications that a strong security stance involves. While it’s true that we can significantly reduce the burden of security on our clients and their teams, the responsibility is still shared. We owe it to our clients to ensure they not only understand the steps we’re taking as their IT partner, but also the measures that require their active participation and consent.

We hope that this series of blog posts will serve as a foundation for these conversations. We look forward to continuing discussions.