Brianna White

Administrator
Staff member
Jul 30, 2019
4,593
3,442
Boxer Mike Tyson said, “Everyone has a plan ‘till they get punched in the mouth,” and that’s how Robert Cioffi of Progressive Computing Inc. felt after experiencing a cybersecurity incident firsthand.
During a recent panel discussion at ChannelCon 2022, “I’ve Been Compromised, Now What?” Cioffi and Jay Tipton of Technology Specialists got vulnerable about their experiences being hacked. Cioffi said when it comes to cybersecurity, preparedness only goes so far.
“You can’t cover every permutation; we don’t have infinite resources. You’ve got to do enough that’s prudent, you’ve got to keep improving and keep trying,” he said. “Experience is a really wicked teacher.”
A Tale of Two Hacks
“A headline-making July 4 cybersecurity attack hit about 1,500 companies in 2021,” said Wayne Selk, CompTIA’s vice president of cybersecurity programs, who hosted the panel discussion at CompTIA ChannelCon. While hackers demanded $70 million from their victims, Tipton and Cioffi found themselves spinning out instead of diving in.
“I’m not a touchy feeling kind of guy, and stress to me is something you deal with, but in that high stress situation we were figuratively coming apart at the seams in ways that I can’t describe,” Cioffi said. “Everybody in my company always looked to me as the guy with the answers and I was staring into an abyss.”
The stress caused him to freeze — a common traumatic stress response — and waste valuable time. Tipton experienced the same challenge. Even with an incident plan and a hundred priorities to address, his problem-solving skills failed him. “I couldn’t make a decision, I couldn’t process it all,” Tipton said. It took support from confidants in the cybersecurity community to get them refocused and ready to work on a solution.
Unexpected Challenges
Tipton had an incident response plan, but it didn’t do him much good. The only copy was tied up in the attack. “Everything was in [the platform],” said Tipton. “What I never thought to think of was, ‘What if that goes down? What if I can’t get to it?’” Eventually he remembered an uncorrupted backup where he could access a copy of the plan, but he didn’t think of that solution until a full day later.
Cioffi’s challenge was in communicating the right message. A breach coach walked him through some suggested language, but he couldn’t get behind it. “I said, ‘If I give them this legal speak, it’s going to destroy 30 years of relationships.” In the middle of a data breach, you’ve still got to maintain communication and manage your business relationships. 
Continue reading: https://connect.comptia.org/blog/how-two-msps-got-punched-in-the-mouth-things-you-don-t-consider-until-you-get-hacked
 

Attachments

  • p0008688.m08284.i_ve_been_compromised_now_what_andrew_liverman_anderson_robert_cioffi_blair_da...png
    p0008688.m08284.i_ve_been_compromised_now_what_andrew_liverman_anderson_robert_cioffi_blair_da...png
    244.4 KB · Views: 9
  • Like
Reactions: Brianna White