Back on March 3, 2021 the company issued this statement:
“Certain CompuCom information technology systems have been affected by a malware incident which is affecting some of the services that we provide to certain customers. Our investigation is in its early stages and remains ongoing. We have no indication at this time that our customers’ systems were directly impacted by the incident.
As soon as we became aware of the situation, we immediately took steps to contain it, and engaged leading cybersecurity experts to begin an investigation. We are also communicating with customers to provide updates about the situation and the actions we are taking.
We are in the process of restoring customer services and internal operations as quickly and safely as possible. We regret the inconvenience caused by the interruption and appreciate the ongoing support of our customers.
Okay, so what does all this mean?
It’s obviously easy to blame the company for the breach, but I try to look pass the logo to see the actual people who are employed and the work that they are doing every day to serve their customers. It’s why we used a pic of some of their staff in this story. I do not know how much of the blame that their team deserves, but that is something that the market and their customers will ultimately decide. To be fair, no MSP is immune to this risk. MSPs have to be right 100% of the time but hackers only have to be right once.
It’s yet another great example of the type of risks and damages facing MSPs in the cyber security business. It’s another reminder that the risks are real and failure comes with significant consequences to both the end-customers and the MSP.
If you are interested, you can digest the actual break down of the $20 million+ price tag to CompuCom and its parent company ODP (Office Depot), but it is basically going to impact many layers of the business including customers, profits, revenue, credibility, stock price and people.
It is clear that cyber security is a changing landscape and what was best practice an hour ago is not a guarantee to be best moving forward. You may want to investigate what actually caused the breach and how they tackled the problem so you may learn but in the big picture, it’s just another wake up call for all MSPs to revisit their entire security playbook and game to ensure that it is the best that it can be.
The most successful MSSPs, MSPs and SOCs are the ones who are on the ball 24/7 and constantly hunting for the next possible vulnerability before it happens. Complacency is a sure way to be blindsided. If you are not willing to put in the effort or simply cannot get ahead of this cyber attack game, then it may be time to consider outsourcing to someone who can.
If you are looking for fresh ideas and leading-edge solutions in the fight against cyber attacks, check our the amazing companies that we interview for eChannelNEWS The Daily Breach news column.