Some companies see cybersecurity as a cost center. We see things a little different. LEARN MORE >
Our seasoned Chief Information Security Officers bring strategic guidance to your leadership team, helping you right-size your cybersecurity operations.
A full suite of manage solutions from our US-based Security Operations Center (SOC)—staffed 24x7x365 by a full team of experienced analysts.
You can count on our IR team to contain the damage from a cyberattack, investigate the origins of the breach and build better protections for the future.
With an abundance of solutions and providers, the task of choosing the right option is critical and can sometimes be overwhelming.
Contact UsWhen an insider threat strikes, every second counts
Of all the potential cyberattacks businesses will face—ransomware attacks create some of the highest levels of anxiety. There’s just something extra alarming about discovering all your data has been encrypted and finding yourself dead in the water holding a ransom note.
In the cybersecurity world, some of the most damaging threats we see often start from within. Unlike external attacks, they are launched by people you know; often a disgruntled employee who already has access to your systems and data.
Recently, this story became a reality for a major healthcare organization who found themselves racing against the clock to neutralize an act of sabotage. The incident—which was handled by our current Director of Incident Response, Tyler Hudak—demonstrated how urgent, intelligent response can stop a crisis from turning into a full-blown catastrophe.
The Situation
In this case, the malicious insider was an IT employee who planted a “logic bomb” into several critical systems. This malicious code was designed to wipe database tables from key servers, effectively sabotaging business-critical operations.
The employee set the logic bomb to go off about a week after they had been terminated, and the malware worked exactly as intended. Database tables disappeared from vital servers, disrupting operations and triggering a full-blown cybersecurity emergency.
Still reeling from the damage, the organization feared there were additional bombs elsewhere and suspected backdoors may have been left in place to allow the attacker to return.
Rapid Response
When logic bomb malware is involved, every second counts. Tyler and his team jumped on the case, using their tools, knowledge and speed to get the job done.
Once engaged, Tyler’s response strategy followed three focused steps:
The Results
The response to this incident was a success on several levels:
The Big Takeaway
Insider threats rarely come with warning signs. When sabotage hits, speed and clarity matter. And with the right team, tools and approach, even the most dangerous situations can be resolved.
Learn More
Don’t let insider threats take you down. Visit our Incident Response page to learn how Inversion6 can help you stay protected.