Blog post Β· Case Study

The story of a cyber incident and some consequences

A story about a security incident in a middle-sized company. Email account was compromised, and thousands of emails were sent out in their name.

Aug 22, 2023


The other day I was listening to a story about a security incident. It happened in a middle-sized company.

One of their email accounts was compromised and thousands of emails were sent out in their name.

Their domain got to blacklists used to block the spread of infections.

They fought for about two weeks to be removed from these lists and get back their email services to normal.

Two weeks without emails. Just try to imagine.

The whole incident was told by the rightfully proud service provider (SP) who basically run an ad-hoc disaster recovery plan (DRP) and helped them out quickly.

The success is clear on the side of the SP. They did very well.

I started to think, what is the difference if this company works with us too?

Yes, there is a quick answer, which is about costs😊

It can be obvious, but not necessarily true.

Most companies are learning this afterwards a similar situation.

Before everything else, I have to tell I have been in these situations. With and without plans.

Sometimes we had business continuity plan (BCP), incident handling procedures and DRP as well. Sometimes not. The difference is huge. Especially in stress level and the speed of response and recovery (return to normal operations).

The first difference can be that probably they could have avoided this situation completely.

If they had a cyber security program in place, including a security awareness program.

An awareness program teaches your employees about the rules and the hygiene in the cyber space.

The second difference can be, that you have plans when something happens.

Then you are in control of the situation and not just follow happenings. Which are not clear for your team in most of the cases, because no one ever explained them.

If you have plans, that is great. Let us try them out. Let us see how they work. And when you see it working you will be in a very different state when something unwanted happens.

The calmness and control of the management with tested plans, will help employees to stay calm, follow plans and instructions.

Your team is prepared and not desperate and clueless. You all know that it will be solved soon.

Your team does not have to invent things in the heat of the moment.

In this situation the talking to your customers, suppliers, employees, banks, authorities, stakeholders, and in some cases to the media can be very exhausting and stressful.

And basically, very unnecessary if your company is prepared.

The last thing is about recovery.

If you have a plan and there are procedures and known and tested plans, your return to normal operations is much faster and with less stress.

It is like testing back-ups time to time, everyone knows that they are working, so everyone can be more relaxed.

The β€œbad news” is that all of these preventive steps are the responsibility of the management. They have the power to make it and make it happen.

About the Author

Jozsef worked as a CISO in a central hospital and in a school district. He is the founder and owner of Torotoro Ltd. He holds the following certifications: Security+ - CompTIA - 2023 Security Consultant - Ministry of Justice NZ - 2023 Certified Cyber Security Professional – Google – 2023 NZPA – NZ Privacy Commissioner – 2022 OPSWAT Certified Cyber Security Associate – OPSWAT – 2022 OSINT training – European Security Academy – 2021 Fortinet NSE – Fortinet - 2020 Virtual Agile Teams – IIL/PMI – 2020 ISO 27001 Lead Auditor – TÜV Rheinland InterCert Germany – 2019 NZQE recognized Level 7 General Informatics Diploma - 1996

Related Posts

Why kiwis are suffering in cyber?
Why kiwis are suffering in cyber?

Many experts say that Kiwis are suffering in cyber.
Especially in the SME sector, which means family and private businesses.
Let us enumerate a few reasons for this.

2023 CWE Top 25 Most Dangerous Software Weaknesses released

CWE or Common Weakness Enumeration table shows what are the typical (most frequent and critical) software vulnerabilities in software based on the US National Vulnerability Database (NVD). As they stated: β€œAn attacker can often exploit these vulnerabilities to take...