Due Diligence vs Due Care - a true Dunning-Kruger story
- jcabe6
- Feb 11
- 3 min read
"I did a quick Information Security review of the M365 tenant and I am struggling to understand why the IT provider did not complete all the tasks I asked them to do for the two potentially compromised users back on Jan 14th. It seems the only thing that they did was just disable the accounts. Below are the same actions I asked them to complete. By only disabling the accounts, the active sessions were still active, which means a Threat Actor could still have full access to the account until the access token times out.
As you can see from the screenshots below, while the users were blocked from new log-ins to their M365 Accounts, they still have licenses assigned and their MFAs are still set to their phones. One of the accounts has had several log-in attempts from all over the world."
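The gap the reviewer describes above (accounts disabled, but sessions, MFA registrations and licenses left alone) is a common one, so here is what the full containment looks like in Microsoft Graph PowerShell and Exchange Online PowerShell. This is an added example written for this page; it is not the task list from the message above (which is not reproduced here), and the user principal name, the date and the scope names are assumptions. It also goes one step further than the message, checking the mailbox for rules an attacker may have left behind.

```powershell
# Added example, not the reviewer's original task list.
# Requires the Microsoft.Graph and ExchangeOnlineManagement modules.
$Upn   = 'user@contoso.example'     # placeholder, not a value from the post
$Since = '2025-01-14T00:00:00Z'      # assumed; the post only says "Jan 14th"

Connect-MgGraph -Scopes 'User.ReadWrite.All',
                        'UserAuthenticationMethod.ReadWrite.All',
                        'AuditLog.Read.All',
                        'Directory.ReadWrite.All'

# 1. Block new sign-ins. On its own this is NOT containment: tokens that were
#    already issued keep working until they expire.
Update-MgUser -UserId $Upn -AccountEnabled:$false

# 2. Revoke refresh tokens and browser session cookies so no new access tokens
#    can be minted. Access tokens already in the attacker's hands still live
#    until their lifetime ends (roughly an hour by default) unless the client
#    honours Continuous Access Evaluation, so steps 1 and 2 are both required.
Revoke-MgUserSignInSession -UserId $Upn

# 3. Rotate the password so the stolen credential is dead before re-enable.
$bytes = [byte[]]::new(24)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
Update-MgUser -UserId $Upn -PasswordProfile @{
    Password                      = [Convert]::ToBase64String($bytes)
    ForceChangePasswordNextSignIn = $true
}

# 4. Enumerate registered MFA methods, then remove phone and Authenticator app
#    registrations. The legitimate user re-registers after identity is
#    confirmed out of band; an attacker-registered method must not survive.
Get-MgUserAuthenticationMethod -UserId $Upn |
    Select-Object Id, @{n='Type'; e={ $_.AdditionalProperties['@odata.type'] }}

Get-MgUserAuthenticationPhoneMethod -UserId $Upn | ForEach-Object {
    Remove-MgUserAuthenticationPhoneMethod -UserId $Upn -PhoneAuthenticationMethodId $_.Id
}
Get-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $Upn | ForEach-Object {
    Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $Upn `
        -MicrosoftAuthenticatorAuthenticationMethodId $_.Id
}

# 5. Pull the licenses, keeping the SKU list so they can be restored later.
#    Caveat: removing the Exchange license disconnects the mailbox; export it
#    or place it on hold first if it is needed as evidence.
$skus = (Get-MgUserLicenseDetail -UserId $Upn).SkuId
if ($skus) { Set-MgUserLicense -UserId $Upn -AddLicenses @() -RemoveLicenses $skus }

# 6. Scope the compromise: every sign-in since the suspected date, with
#    country and result. Successes from places the user has never been are
#    the signal the reviewer saw in the screenshots. (Sign-in log access
#    through Graph requires an Entra ID P1 licence on the tenant.)
Get-MgAuditLogSignIn -All -Filter "userPrincipalName eq '$Upn' and createdDateTime ge $Since" |
    Select-Object CreatedDateTime, IpAddress,
        @{n='Country'; e={ $_.Location.CountryOrRegion }},
        @{n='Result';  e={ if ($_.Status.ErrorCode -eq 0) { 'success' } else { "fail $($_.Status.ErrorCode)" } }},
        AppDisplayName, ClientAppUsed |
    Sort-Object Result, CreatedDateTime |
    Format-Table -AutoSize

# 7. Beyond the reviewer's list: disabling an account does not remove mailbox
#    persistence. Look for forwarding and inbox rules the intruder left behind.
Connect-ExchangeOnline
Get-InboxRule -Mailbox $Upn |
    Select-Object Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage
Get-Mailbox -Identity $Upn |
    Select-Object ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward
```

Run it as a whole for each suspect account and keep the output; the sign-in listing and the rule listing are the record you hand to whoever investigates further. The order matters: revoke sessions before rotating MFA, otherwise an attacker holding a valid refresh token can simply re-register a method after you remove theirs.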
This is a typical story Secret City Tech runs into, either when taking over from an IT provider that had formerly been "doing their security," or when working alongside one that keeps telling the customer it could save them money by taking security back over.

Pure-play cybersecurity providers exist for a very specific reason: securing the security-relevant parts of IT systems takes an incredible amount of specialization, and OT (Operational Technology, or Industrial Controls) estates require even more. CISA (the Cybersecurity and Infrastructure Security Agency) recently issued a binding directive that calls for removing out-of-support or unserviced devices from the network edge.
What does that mean?
Most companies purchase a set of devices and software from a provider to meet their cybersecurity needs; that purchase is what we mean here by "due diligence." The provider may handle the deployment and configuration for the customer. Many providers call themselves "cybersecurity companies," but they are really service integrators. A cybersecurity company can deploy controls such as antivirus software and firewalls, but its role extends well beyond that: monitoring those controls, keeping them updated, running penetration tests to verify they actually work, and adding services to cover whatever the deployed systems miss. Developing a unique set of solutions, or even a product, that integrates and automates the whole of security requires a pure-play cybersecurity services company, not just a reseller.
A bit more about our story: we had to lock down the PC behind one of the accounts. The user opened a PDF they should not have and ended up with a RAT (Remote Access Trojan), sent because the attacker had already gotten in once and knew how to target this user. The company's authentication then quickly came under attack, and the worst part? No firewall saw it. The attacker was already behind the firewall, and the network was not segmented, so the firewall never saw the attack at all. The customer refused to change their network when we redeployed their firewall, citing problems they had had with a different provider at another time. We deployed our Secret AI Agent, which combines log peeling technology with threat intelligence and network protection, to keep them protected despite that, and that is how the defenders in our Security Operations Center saw the attack.
In another reality, they would have been hit with ransomware, lost PII (Personally Identifiable Information), lost stakeholder trust, and faced an expensive, weeks-long recovery. We were able to save them from themselves because Secret City knows that protection and resilience do not end with due diligence. They require due care.
REQUEST - If you've read this far down, you are entitled to a 20% discount if you mention due care when contacting one of our cyber mentors. Please reach out for a discussion and not a hard sell.