
Case Study: TTB and Apparo work together on Non Profit Security Incident Crisis Management and Recovery

The Trust Bridge (TTB) was contacted by Apparo when a client nonprofit partner suspected that they had suffered a cyber security incident. Apparo is a nonprofit that supports other nonprofits in overcoming their technology challenges, so they can do more to improve lives in their communities. Apparo relies on skilled volunteers to support their model, and TTB was the right fit for this volunteer opportunity. In this case study the client nonprofit partner we supported will remain anonymous, as we are operating under NDA. However, it is pertinent to know that the organization is a nonprofit handling extremely sensitive personal data.

The nonprofit’s CEO reached out to Apparo for help when it was suspected that a third party (threat actor) had accessed some files with extremely sensitive information. It was difficult for her to determine whether these files had been accessed and whether any data had been extracted. This was the concern that the CEO had when she contacted TTB. Apparo’s Director of Technology Engagements, Jennifer Ray, then reached out to TTB to request that we leverage our cyber security experience to help the nonprofit partner address this critical problem.

The first key thing that TTB advised was to ensure that a secure environment, offline from the organization’s network, was established. We then ensured that multifactor authentication was adopted throughout the organization.

As many of the devices (laptops and cell phones) in use were not owned by the organization but were personal devices, owned by the staff and also used by them for non-organizational / personal activity, we encouraged the organization to install FIDO keys on all the devices. FIDO keys are physical devices (that look a little like a USB stick) that use hardware-based public/private-key cryptography to authenticate users of the device to which they are connected, for two-factor and multifactor authentication (2FA/MFA). This gives an additional level of security to all devices, which can then only be accessed by the authorized user. We advised that a number of virus checking tools be installed, along with some new practices regarding the use of email, log in and log out rules, etc. A number of other policies and procedures were advised.

Once the devices and access to the organization’s network and file storage had been better protected to minimize any future attacks, we started to examine which files had been accessed by the intruder and did a forensic analysis to establish whether any data had been exfiltrated. Access to the logs should enable us to see whether a) the file names were looked at only, b) any files were accessed, or c) any files were altered.
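The a) / b) / c) question above can be answered per file by keeping the most severe operation a suspect account performed on it during the incident window. The following is an added example, not TTB's tooling or data: the log format, operation names, account names, paths and inventory are all constructed for illustration, and a folder listing is assumed to reveal every inventory file beneath it.

```python
import csv
import io
from datetime import datetime

# Constructed sample audit log: timestamp, account, operation, path.
SAMPLE_LOG = """\
2024-03-04T09:12:03,jdoe,LIST,/clients
2024-03-04T09:12:40,jdoe,READ,/clients/intake_a.xlsx
2024-03-04T09:13:05,jdoe,WRITE,/clients/notes_b.docx
2024-03-04T09:15:00,asmith,READ,/clients/intake_c.xlsx
2024-03-05T02:00:00,jdoe,READ,/finance/budget.xlsx
"""
# Constructed inventory of sensitive files held in storage.
INVENTORY = ["/clients/intake_a.xlsx", "/clients/notes_b.docx",
             "/clients/intake_c.xlsx", "/finance/budget.xlsx"]

# Tiers in increasing severity, matching a), b) and c) in the text.
TIERS = {"LIST": 1, "READ": 2, "DOWNLOAD": 2, "WRITE": 3, "RENAME": 3, "DELETE": 3}
LABELS = {0: "no evidence", 1: "name seen", 2: "accessed", 3: "altered"}

def classify_exposure(log_text, inventory, account, start, end):
    """Return {path: label} with the worst tier seen for `account` in [start, end]."""
    worst = {path: 0 for path in inventory}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines rather than guessing
        stamp, who, op, target = row
        when = datetime.fromisoformat(stamp)
        if who != account or not (start <= when <= end) or op not in TIERS:
            continue
        if op == "LIST":
            # Assumption: listing a folder exposes the names of inventory files under it.
            hits = [p for p in inventory if p.startswith(target.rstrip("/") + "/")]
        else:
            hits = [target]  # files outside the inventory are still reported
        for path in hits:
            worst[path] = max(worst.get(path, 0), TIERS[op])
    return {path: LABELS[tier] for path, tier in worst.items()}

if __name__ == "__main__":
    window = (datetime(2024, 3, 4), datetime(2024, 3, 4, 23, 59, 59))
    for path, label in classify_exposure(SAMPLE_LOG, INVENTORY, "jdoe", *window).items():
        print(f"{label:12} {path}")
```

Files that stay at "no evidence" are only as trustworthy as the log coverage and retention for the window examined.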

Given that this client is a “not for profit organization”, funds are limited. Although it is often believed that investment in cyber security is expensive, it should not, frankly, be a discretionary expense; the cost of operating these days includes the costs associated with information security, cyber insurance, training and incident planning. Any budget must include a line for this. Unfortunately, no organization is immune to the threat of an attack.

At TTB, we emphasize training of all employees and volunteers.  In this case, the threat actors were able to access the files through a simple phishing email. It looked genuine, but they do!  

Quote from the client: THANK YOU! I can’t say that enough for all of the guidance and support you’ve given us. 

 

Some lessons learnt from this case:  

  1. Training of all employees and volunteers should be regular and refreshed  

  2. Policies for Data Privacy and Cyber Security should be written, distributed and all staff involved with the organization should read, digest and understand these.  

  3. All devices, whether owned by the organization or personal, should be protected  

  4. As soon as any incident is suspected, experts in the field should be contacted as they are well versed in these things and know the action to take  

  5. Use MFA on all logins at all times - you can further protect with the use of FIDO keys

 




