https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSSP Insider


Shutterstock

Ransomware skull and crossbones

The Balancing Act of an Incident Responder

  • Written by Edward Gately
  • March 4, 2020
Incident response is like running a fire department.

Ransomware attacks throw organizations into chaos, and incident responders like Rob Morrow are thrust right into the middle of it to help regain control while navigating among terrified staff as an outsider.

Morrow is a network security engineer/incident response at Beyond Computer Services, an Atlanta-based provider of managed IT services. He didn’t start out in IT, but found his calling after an organization he worked for experienced a cyberattack. His diverse background has allowed him to look at both IT and incident response through a unique lens — that of a victim.

In a recent blog, Morrow chronicled his recent experience responding to a ransonware attack. The following is an excerpt:

Beyond Computer Solutions' Rob Morrow

Beyond Computer Solutions’ Rob Morrow

“I walk into the office of said undisclosed location, at which point I only had an address and point of contact. I still had no idea of what was waiting for me once I was able to settle in. I get the usual “oh … who is that and why is he here” looks I have come to love and hate. I know what I have in store from a personal standpoint, yet I still have very limited knowledge of what I am actually there for. I make the rounds and introductions, and start to realize the depth of the hell that I have just walked (voluntarily) into. While a lot in my position would say ‘oh, it is just another ransomware attack,’ I have the problem that will lead to my eventual burnout and downfall, the dreaded empathy. I feel for these people, they have been working night and day trying to make sense of what happened, and finally the hopelessness set in and I got the phone call. This of course means I am already behind the proverbial 8-ball. This is never a good place to be. I understand the embarrassment that comes with an attack, the feeling of what did we do wrong, what could we have done differently, etc. The questions are endless. Now not only do I get to fight the battle of containment, I have to fight the battle of people hating me right out the gate because they feel I am there to pass blame or say what they did wrong. This is the part of the job I always dread.”

Addressing the incident, which involves containing the network and recovering data, requires gaining the trust of overworked and demoralized staff members, and in this case, communicating with two CIOs who didn’t get along.

“[I] have to get these two to understand that the betterment of the company comes first and nothing else matters at this point until it is rebuilt,” Morrow wrote in his blog. “Sounds easy right? Not so much, these two were not having it and trying to sabotage each other at every turn. Option B, keep them separate, have them delegate projects listed by priority, cross reference lists, build my own and try to keep them happy in the process. This includes finishing bits and pieces of what they want interspersed within what needed to be done. OK, challenge accepted, I like to multitask. Not the way I wanted to do things, but when does leaving backdoors for access ever go as first planned. It works so between getting work done, I now have to answer to both separately, have separate meetings and alternating phone calls. Plus, help fix a problem with a third-party program that tested my development skills. For those that don’t know me I am in no way a developer, but Google and GitHub are my friends.”

Chris Noles, president of Beyond Computer Solutions, said his company services businesses in an industry that is being widely compromised because …

  • Page 1
  • Page 2
  • Page 3
Tags: MSPs Business of Security Endpoint MSSP Insider Network

Related


  • Magnifying glass focused on the word exposed
    Despite Drop in Data Breaches, Exposed Records Jump in 2020
    Health care was the most victimized sector last year, accounting for 12.3% of reported breaches.
  • Cybersecurity Roundup
    Insured Losses from SolarWinds Hack Mount, But Could Be Worse
    The cost of breaches keeps going up at a rate faster than revenue growth for many companies.
  • Security breach
    With SolarWinds Breach, ‘The Hackers Aren’t the Problem’
    Find out who, instead, is the problem and how MSSPs must fix their own, and clients', IT environments now.
  • Risk, Threat, Vulnerability Assessment
    Tenable Research: Publicly Known Vulnerabilities Increased in 2020
    Ransomware was by far the most popular attack vector in 2020.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Beyond SolarWinds, Russian Hackers Target Austin, Texas
  • How FortiSOAR Can Help MSSPs Provide Differentiated Service Portfolios
  • Barracuda Researchers Say Hackers Know Their Targets, Getting Smarter
  • Is It Time to Switch Your RMM and PSA?

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

The Rise in Remote Work Increases the Need for Patch Management

January 27, 2021

Partners Share Their 2021 Goals—and Plans for Achieving Them

January 26, 2021

The Importance of Being Security-Centric

January 22, 2021

Webinars

View all

Your Network Perimeter Has Changed

February 18, 2021

In Case of Emergency: The Importance of Proactive Critical Event Management

February 23, 2021

How Managed Hosting Providers Thrive with the Alternative Cloud

February 24, 2021

White Papers

View all

Product Brief: Kaseya VSA Integrated Workflows with BMS and IT Glue

January 26, 2021

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

Building an efficient and profitable #patchmanagement practice in 2021 @ConnectWise #cybersecurity #endpoint #MSP… twitter.com/i/web/status/1…

January 28, 2021
ChannelFutures

International effort takes down #Emotet botnet, but @Netenrich, @digitalshadows, @Vectra_AI say it will be back.… twitter.com/i/web/status/1…

January 28, 2021
ChannelFutures

.@Microsoft @Azure’s Tyler Bryson, new U.S. channel head, talks priorities at @GetNerdio’s #NerdioCon… twitter.com/i/web/status/1…

January 27, 2021
ChannelFutures

.@CryptoStopper hires @GetChanneled to build partner program, act as virtual channel chief. #ransomware… twitter.com/i/web/status/1…

January 27, 2021
ChannelFutures

MSSPs, check for this ‘novel’ social engineering threat from North Korea. #Google. dlvr.it/RrTS9J https://t.co/2mDcnNvkHz

January 27, 2021
ChannelFutures

.@keepersecurity report shows financial sector heavily targeted by #cybercriminals. dlvr.it/RrTBPz https://t.co/joTBNeb2MT

January 27, 2021
ChannelFutures

.@Trustwave unveils new global referral partner program. #cybersecurity dlvr.it/RrT9Td https://t.co/amXCw33UsF

January 27, 2021
ChannelFutures

Ecosystem security provider Cyberpion launches first #partnerprogram. dlvr.it/RrSnxK https://t.co/g7Po3jq8iw

January 27, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X