The Tragic Fable of Miss Risk, and Dr. Evil.....who paid the price in the end?
It was your average Tuesday morning, the sun was shining, the birds chirping, when Dr. Evil happened upon Miss Risk and her business’ weak IT environment. Dr. Evil was a stealthy artful hacker who prayed on the less fortunate business owners who had unsecure IT environments, and to Miss Risk’s misfortune, became Dr. Evils’ new target.
Dr. Evil, being cunning and crafty in his ways of fooling others, disguised himself as a trustworthy contact of Miss Risks that ultimately led Miss Risk into opening an encrypted malicious email.
Miss Risk recognized the mistake right away and immediately closed the email, hoping she was fast enough to prevent any real security and or data breaches. Miss Risk waited a few moments, praying she avoided the threat, and as the moments passed, it seemed the attacker was unsuccessful in gaining access and encrypting data company further. Miss Risk was overly relieved, brushing the sweat from her brow with a big sigh of relief to follow, all the while unaware she allowed Dr. Evil to gain access to the IT environment.
Dr. Evil was a very patient hacker… for months and months to follow, he sat quietly while watching, and waiting for the perfect time to attack. After the sun went down, many moons later, Dr. Evil, still undetected, went to work. Overnight he was able to completely disable all of Miss Risk’s security measures she’d put in place hoping to keep her business secure and stable.
When Miss Risk’s employees came into the office the following day, they were greeted with a breached network, encrypted data, and a ransomware note saying, “You thought you missed this risk, Miss Risk. Time to pay the price or close your business down forever. -Dr. Evil”.
The story above, a tale of a failed cybersecurity preparedness, is a common real-life occurrence of false security and false promises from many MSPs to their unassuming business owner clients. Ultimately, the result of the MSPs failed promises and half-hearted approach will leave business owners paying the price for the gap in alignment with best practices and framework-driven strategies, which are proven to prevent the large majority of these types of attacks.