Although I had planned a much different post for today, the situation turned the week into an epic cybersecurity battle where I had to support two brave IT squads from Contoso and Fabrikam (obviously not the actual company names). In this epic tale we will discover their valiant efforts to combat security incidents. Their stories, though contrasting, reveal important lessons about the need for strong cybersecurity measures.


The Valor of Contoso

The knights of Contoso were well-equipped for battle. They had bestowed upon their employees the mighty Microsoft 365 E5, a superior tool with advanced security features. In their arsenal, they also had a well-suited Security Information and Event Management (SIEM) system and an extensive user awareness program to educate their troops.

The dragon they faced was a compromised laptop, infected with a malicious payload. Upon the device’s restart, this wicked payload launched its attack, attempting to spread to other computers via Skype messages.

But the warriors of Contoso were not easily defeated. Only three more people received the tainted messages before the advanced AI guardians in their SIEM and E5 protection intercepted the threat, preventing any further onslaught. The users, trained well through their awareness program, promptly reported the suspicious messages to the InfoSec cavalry. The alert had already been sounded, thanks to the vigilant automated tools.

The result of this epic battle? No further infiltration, and no data leaks. All invaded computers were purged remotely and data restored from the unspoiled backups. Artificial Intelligence (AI) tools lent their wisdom by generating reports and identifying key system logs, helping trace back the payload and risk vectors.

The battle still continues, with new preventive measures being deployed to further strengthen the fortress. The InfoSec team has been handsomely rewarded for their bravery and efficiency in this epic struggle. When will they face their next enemy? Will they be ready for it?


The Struggle of Fabrikam

The tale of Fabrikam, however, was a different saga. This mid-sized kingdom was operating on Microsoft 365 Basic and Standard, with only default security shields. They lacked a SIEM fortress and a user awareness training program.

Their nemesis appeared in the form of a compromised manager account sending a message to an employee who, seduced by the deceptive email, transferred a hefty payment to an unknown bank account. Bereft of the sophisticated resources of their Contoso counterparts, the lone Fabrikam security knight had to delve into the event logs manually.

After an arduous investigation, they unveiled suspicious activities on the manager’s account. Regrettably, due to the absence of protective measures like Multi-Factor Authentication and conditional access policies, the suspicious login had slipped past the gates unnoticed.
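The kind of check the lone Fabrikam knight had to run by hand, and that a SIEM rule or conditional access policy would have run for them, as an added example that is not part of the original post or of any Fabrikam tooling. It works over constructed sign-in records (the account names, IPs and the country code "XX" are invented) and flags successful sign-ins that combine several indicators: no MFA, a country outside the account's usual baseline, and failed attempts from the same IP before the success.

```python
from collections import namedtuple

SignIn = namedtuple("SignIn", "user country ip mfa success")

# Constructed sample data, not real Fabrikam logs; fields are loosely shaped like
# a tenant sign-in log. "XX" stands for a country the manager has never worked from.
SAMPLE_SIGNINS = [
    SignIn("manager@fabrikam.example", "PT", "203.0.113.10", False, True),
    SignIn("manager@fabrikam.example", "PT", "203.0.113.10", False, True),
    SignIn("manager@fabrikam.example", "PT", "203.0.113.11", False, True),
    SignIn("manager@fabrikam.example", "XX", "198.51.100.7", False, False),
    SignIn("manager@fabrikam.example", "XX", "198.51.100.7", False, True),
    SignIn("employee@fabrikam.example", "PT", "203.0.113.20", True, True),
]

def baseline_countries(signins, user, min_count=2):
    # Countries with at least min_count successful sign-ins form the user's baseline.
    counts = {}
    for s in signins:
        if s.user == user and s.success:
            counts[s.country] = counts.get(s.country, 0) + 1
    return {c for c, n in counts.items() if n >= min_count}

def failures_before_success(signins, user, ip):
    # Failed attempts from `ip` seen before its first successful sign-in (guessing indicator).
    n = 0
    for s in signins:
        if s.user == user and s.ip == ip:
            if s.success:
                return n
            n += 1
    return n

def risky_signins(signins, user):
    # Successful sign-ins with two or more indicators; returns (ip, country, reasons).
    baseline = baseline_countries(signins, user)
    findings = []
    for s in signins:
        if s.user != user or not s.success:
            continue
        reasons = []
        if not s.mfa:
            reasons.append("no MFA")
        if s.country not in baseline:
            reasons.append("unfamiliar country " + s.country)
        if failures_before_success(signins, user, s.ip) > 0:
            reasons.append("failed attempts preceded success from " + s.ip)
        if len(reasons) >= 2:
            findings.append((s.ip, s.country, reasons))
    return findings
```

On the sample data only the sign-in from "XX" is flagged; the manager's routine sign-ins carry the single "no MFA" indicator, which is the gap a conditional access policy requiring MFA would have closed.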

The manager’s account was reset, but the treasure had already been plundered. The legal skirmish to recover the transferred wealth is still being waged.

A new set of countermeasures is being proposed to prevent a new breach from happening, but the walls must be rebuilt from scratch. Standing on high ground for improved visibility and control will be required for Fabrikam’s next battle.

The Lessons from the Battlefields

The epic tales of these two incidents underscore the criticality of formidable security defenses, user awareness training, and cutting-edge IT resources. While Contoso’s proactive and well-resourced approach allowed them to triumph over the threat, Fabrikam’s lack of preparedness led to a costly defeat.

In the ongoing war against cyber threats, no kingdom is truly safe. Investing in an advanced security armoury, erecting a SIEM fortress, and empowering your users with knowledge are crucial strategies to fortify your defenses against the onslaught of cyber evils.

Final notes

Although I wish the above was just fiction, it was pretty much a “heavy” battle to counteract the cyber threats and research the root causes to provide valuable incident reports, lessons learnt and legal grounds for the recovery of the “lost” money in Fabrikam’s case.

Companies can no longer think about security in terms of “if”, but “when”. All companies and technological deployments are susceptible to an attack, either manually orchestrated or as part of bigger attacks and collateral damage. Prepare your troops for success; untrained and unprepared soldiers are easily defeated.