Third Party Risk Monitoring

Cascading Risks and the Kaseya Hack

Written by John Bree

Supply Wisdom Risk Intelligence on Kaseya Ransomware
From reports of numerous former employees, Kaseya leaders knew of and failed to address cybersecurity concerns going back to 2017. Unfortunately, as a result, 1500 managed service providers and possibly more, experienced significant disruptions due to the ransomware attack.

For those 1500+ companies, the million-dollar, or in this case the $70 million Bitcoin, question is –  were there early indicators that, if known, could have prevented the disruptions?

Absolutely!  

Cyberattacks, like the Kaseya ransomware attack, are often the result of a cascading risk scenario. They originate in a seemingly unrelated area, but like a domino effect, these risks topple over and spread their influence, increasing in intensity with devastating effects.

To illustrate this point, there were early indicators, including the previous ransomware attacks that occurred between 2018 and 2019:

  • Employee attrition – Reportedly employees quit over frustration that new features and products were being prioritized over fixing cyber susceptibility issues
  • Negative employee ratings – As evidenced by many social media posts from current and former employees going back to 2015, the working environment was not considered employee friendly
  • Location risk – Software development positions previously in the US were outsourced to Belarus. Belarus is flagged as a high-risk location with known governance, IP, cybersecurity risks and more. Its close political allegiance with the Russian government presents a significant security concern.

The key to mitigating cascading risks is to take proactive steps to intervene early, but to do so requires early warning of trouble. How do you accomplish this?

Through continuous risk intelligence that monitors for changes across the entire risk landscape, beyond cyber to include financial, compliance, governance, operations, location, Nth party risks and more.

Due to the wide-spread impact of the Kaseya ransomware attack, we have made this subscriber-only resource openly available as we believe it to could be extremely useful to those affected. It includes Supply Wisdom risk intelligence on Kaseya, updates on the attack and recommendations to resume VSA servers and connect to the internet as well as maintain business continuity / resilience amid increased cyberattacks, and more.