
As a technology-dependent society, we ought to learn cybersecurity lessons from past major cyberattacks to protect not only our own assets but also our clients’ private information from data breaches. On May 12th, 2017, the WannaCry ransomware attack became an international buzzword. Beginning in Europe, the malware quickly spread across the globe, demanding money from users for the return of seized data. Using information stolen from the U.S. National Security Agency (NSA), hackers attacked more than 200,000 machines worldwide, affecting different industries and businesses of all sizes. Just a few weeks later, a new cyberattack emerged, hitting companies’ data worldwide and wiping it entirely from hard drives. So how was it that, after one major cyberattack that year, some companies were still unprepared for what NotPetya had to bring? Let’s take a look at the cybersecurity lessons learned from major cyberattacks after myriad companies failed to protect their assets.
An In-Depth Defense
An attack can come from anywhere, anytime. That’s why implementing extensive, multi-layered security measures to protect the organization’s critical data, from customer data to private internal files, is a top priority for any business. Exercising incident response plans is an effective practice that can bridge the gap between companies’ policies and their actual practices. However, the only way to make sure practice matches the intent of cybersecurity policy is for businesses to conduct regular staff training and test exercises, such as tabletop tests. Doing so enables operational staff to become familiar with the incident response process.
Timely and Accurate Communication
Communication isn’t only about handling the media when an attack goes public. In the event of a cyber attack, keeping everyone involved on the same page is integral to a company’s reputation. Addressing such an incident internally, and early, helps mitigate its effects and translates the incident into what actually needs to be done. A cyber incident response team must run an investigation to understand which information was compromised and to what extent clients were affected. Managing the crisis at hand and getting the facts right is the foundation of ethical communication. Most companies that have been affected by a data breach agree: proper digital housekeeping can provide a lifeline during a cyber incident.
Proper Digital Housekeeping
Experts stress that database entry logs play an important role in investigating a cyber incident. Good data housekeeping improves cyber incident response. Yet, as valuable as log data is, not every incident responder has it available once the need arises. Many organizations neglect to update their logs and transfer them to an appropriate person, which will certainly interfere with an investigation.
Securing a Service Level Agreement (SLA)
For an effective response, having the right contract in place provides timely access, backed by SLAs, to the information a company needs in the event of a cyber attack. If your vendor is withholding critical data, you must have a contractual means to fall back on. An SLA established in advance is your agreement with your provider, external or internal, that outlines the services to be provided, the expected responsiveness, and how performance is measured.
As we rely on technology more and more, the exposure of companies’ intangible yet precious assets is increasing due to a growing number of data breaches and relentless ransomware attacks. Cyber incidents frequently bring business interruption (BI) losses of their own. Companies rank cyber as the BI disrupter they fear the most because many companies’ principal assets are data, service platforms, or groups of customers or suppliers. Cyber incidents can prompt widespread losses.
$3.86 million is the average cost of a data breach (Cost of a Data Breach Report, IBM & Ponemon Institute, 2018).
Although cybercrime steals the media spotlight, it is often more ordinary technical malfunctions, IT flaws, or human error that stand behind system outages or data losses for businesses. A single employee’s mishap can lead to a costly fallout.
58% of organizations publicly exposed at least one cloud storage service (Cloud Security Trends, RedLock, 2018).
However, even with such high numbers being reported, a business can’t account for every single dollar spent recovering from a disruption, so the real losses can be far more profound.
Analysis of Data Breaches (chart; breach causes shown)
- System Glitch
- Human Error
- Malicious or Criminal Attack
It’s in every company’s interest to adopt an adequate IT security posture, evaluate its processes and risk profile, and invest in proper backup solutions and staff training. The last element is frequently overlooked, yet it’s equally significant, especially for small and mid-sized companies. Businesses need to think of all of their employees as members of the cybersecurity team and train them to become the first line of defense. Lost revenue and additional costs can come from malicious acts, but the overwhelming majority happen because of technical glitches or human error.

How will you respond when ransomware targets your business? We say “when” because 71 percent of cybersecurity experts believe there’s a moderate to extreme possibility their organizations will experience ransomware attacks in the next 12 months. Here are our top recommendations for protecting your data against ransomware in 2019.
Ransomware in the Cloud
Nearly 44 percent of the malware found in the cloud is carrying ransomware, and in 2017, attacks against cloud storage increased. This threat is exacerbated by the fact that cloud applications are available on demand. Any employee can go online, sign up for a free service, and download infected software. If they share a service with other employees, the infection can rapidly spread to other systems, thanks to the sync-and-share functionality that’s common to many cloud applications. Your risk increases if employees access data stored in the cloud using personal devices that aren’t properly maintained, patched, and updated. To reduce ransomware threats from shadow IT, make sure you have a bring-your-own-device (BYOD) policy in place, look for unusual activity on the network, and follow the rest of our tips below.
Patch Everything
The WannaCry attack infected more than 200,000 computers in 150 countries — all by exploiting vulnerabilities in older Microsoft operating systems. In fact, as Webroot’s VP of cybersecurity and engineering points out, many of 2017’s ransomware attacks could have been mitigated simply by patching systems. It’s worth noting that the colossal Equifax breach — although not a ransomware attack — was reportedly caused by an employee’s failure to apply a software patch. To thwart criminals exploiting known vulnerabilities in trusted applications, the solution is simple (though admittedly easier said than done): patch everything. Patch your applications, software, hardware, and connected devices as soon as updates are available.
Train Employees
Timely employee training is one of the most effective ways to combat ransomware, as it typically enters the organization through an employee opening a compromised email attachment, falling for a phishing email, or visiting a compromised website. It’s getting harder to spot scams because scammers are skilled at harvesting data from social networks and other online resources to spoof an email from a well-known brand or impersonate trusted content. In fact, spoofing and impersonation account for 67 percent of successful phishing attacks. Spammers are also hijacking legitimate domains, which they use to host phishing pages. The sites’ good reputations allow the newly created phishing pages to slip past anti-phishing filters. These are only two examples of a growing list of phishing tactics. That’s why it’s important to regularly train employees on how to look for the telltale signs of phishing attacks. Training should be mandatory, but to fully engage employees, communicate the message that they’ll learn valuable cybersecurity skills to apply in their personal lives. After all, phishing and ransomware target individuals too.
Maintain Backups and Test Your Restore Process
If all else fails and your data is encrypted, having current backups is the best defense against ransomware. By restoring from backups, you can avoid paying the ransom. That’s why, unfortunately, some strains of ransomware now go after backups, especially if they’re stored in the same environment as your production systems. WannaCry, for example, deleted volume shadow copies, which Microsoft Windows automatically creates to allow users to easily recover their data. Network-attached backups are also at risk. After having its data encrypted by ransomware, one police station refused to pay the ransom, knowing that its data was backed up. Unfortunately, the backups were attached to the network and had also been encrypted. To protect yourself, back up your data frequently and segregate it from your production environment. Be sure to monitor backups for completeness and accuracy as well. Of course, a backup is only as good as the restore, so it’s important to routinely test your restore process. Include any disaster recovery vendors you work with in your tests to make sure they can restore your company’s data within your recovery time objectives (RTOs).
Know How You’ll Respond to a Ransomware Attack
While you’re working on restoring your systems after a ransomware attack, a comprehensive business continuity plan with a strong focus on cybersecurity can minimize the impact of downtime. For example, will you need to temporarily revert to paper-based processes? Will workflows need to be diverted? If so, know in advance when, how, and where you’ll carry out the recovery. Finally, employees should be trained on any systems and procedures to be used during downtime. Don’t waste any time creating a response plan. Get started now. For more details, read our blog post “Five Ways to Thwart a Cybersecurity Nightmare.”
In the ever-evolving landscape of cybersecurity threats, proactive measures are essential for protecting sensitive financial data.
For one forward-thinking credit union, partnering with Agility Recovery to conduct a ransomware impact analysis (RIA) uncovered critical vulnerabilities in their hybrid work model and led to a comprehensive security overhaul. This success story highlights the steps taken and the positive outcomes achieved, showcasing the value of a robust RIA in safeguarding operations and ensuring business continuity.
The Challenge: Unseen Vulnerabilities in Home Offices
With the rise of hybrid work environments, the credit union, like many organizations, faced new cybersecurity challenges. While their main office was fortified with strong security measures, the home offices of their hybrid employees posed a significant, yet overlooked, vulnerability. Despite using virtual private networks (VPNs) and antivirus software, the RIA conducted by Agility Recovery revealed that many home office setups lacked comprehensive protection against sophisticated ransomware attacks.
The RIA Process: Identifying Critical Gaps
Agility Recovery’s RIA involved a thorough assessment of the credit union’s entire IT infrastructure, focusing on both the central office and remote work environments. Key findings included:
- Inadequate Endpoint Security: Many hybrid employees were using personal devices without proper endpoint security, making them susceptible to malware and ransomware attacks.
- Weak Network Security: Home Wi-Fi networks often lacked strong encryption and were vulnerable to breaches.
- Outdated Software and Systems: Several remote workstations were running outdated software, increasing the risk of exploitation by cybercriminals.
- Lack of Awareness and Training: Employees were not fully aware of best practices for cybersecurity in a home office setting, leading to risky behaviors.
The Solution: Implementing Comprehensive Protections
Armed with the insights from the RIA, the credit union collaborated with Agility Recovery to implement a multi-faceted security enhancement plan. This included:
- Enhanced Endpoint Protection: Deploying enterprise-grade endpoint security solutions on all devices used for work, ensuring robust protection against malware and ransomware.
- Securing Home Networks: Providing employees with guidelines and tools to secure their home Wi-Fi networks, including router configuration tips and recommendations for strong passwords and encryption settings.
- Regular Software Updates: Establishing a policy for regular updates and patches to all systems and applications, ensuring that vulnerabilities were promptly addressed.
- Cybersecurity Training: Conducting comprehensive training sessions to educate employees about the importance of cybersecurity, safe browsing practices, and how to recognize phishing attempts and other cyber threats.
- Secure Backup Power & Connectivity: With more employees engaging in remote work, the credit union enhanced its remote resilience with portable backup power and connectivity units. This solution would not only protect employees from cyber threats when they worked from home or another location, it would also ensure that regional power outages would not impact employees’ productivity at home.
The Results: A More Resilient and Secure Hybrid Workforce
The impact of these measures was immediate and profound. The credit union reported several key outcomes:
- Reduced Vulnerabilities: The implementation of endpoint protection and secure home networks significantly reduced the vulnerabilities in their hybrid work model.
- Increased Awareness: Employees became more vigilant and knowledgeable about cybersecurity best practices, leading to safer behaviors both at work and at home.
- Enhanced Incident Response: With a stronger security posture, the credit union was better prepared to detect and respond to potential ransomware attacks, minimizing the risk of significant disruptions.
- Improved Confidence: The credit union’s leadership and IT teams expressed increased confidence in their ability to maintain business continuity and protect sensitive data, even in a hybrid work environment.
Get Started: Proactive Measures for Long-Term Success
This success story illustrates the critical importance of conducting a ransomware impact analysis, especially in today’s hybrid work environment. By partnering with Agility Recovery, the credit union was able to identify and address significant vulnerabilities, ensuring that their employees’ home offices were as secure as their central office. The proactive steps taken not only enhanced their overall security posture but also reinforced their commitment to protecting their members’ financial information.
Talk to an Agility expert today about how your business can use RIA insights and tools to safeguard operations and protect critical systems from emerging cyber threats.
A multi-location long-term care (LTC) facility in Florida provides critical care to elderly and medically vulnerable patients. With Florida’s high risk of hurricanes, flooding, and severe storms, combined with the increasing threat of cyberattacks, the organization faced dual challenges in protecting its operations.
The facility must comply with strict healthcare regulations, including:
- HIPAA (Health Insurance Portability and Accountability Act) for patient data security
- HITRUST for cybersecurity best practices
- CMS Emergency Preparedness Rule for disaster resilience
While the facility had disaster recovery and cybersecurity measures in place, leadership realized they needed a more proactive, integrated approach to ensure regulatory compliance and improve overall resilience.
The Challenge: Addressing Cyber & Natural Disaster Risks
The LTC facility identified three major risks:
- Cybersecurity Threats: Ransomware attacks targeting patient records and medical devices.
- Natural Disasters: Hurricanes causing power outages, flooding, and operational disruptions.
- Regulatory Compliance Gaps: Meeting CMS, HIPAA, and HITRUST requirements for both cybersecurity and emergency preparedness.
Previously, the organization relied on annual audits and manual penetration testing, but that left them vulnerable between testing cycles. They also conducted emergency drills but lacked a structured, expert-led tabletop exercise program to integrate cybersecurity and disaster response.
The Solution: PTaaS & Tabletop Exercises for Continuous Preparedness
To strengthen security and disaster resilience, the facility partnered with Agility Recovery to implement a dual approach:
1. Continuous Penetration Testing as a Service (PTaaS) for Automated Cybersecurity Monitoring
- Weekly security scans identified vulnerabilities in EHR systems, medical devices, and third-party software.
- Automated compliance reports simplified HIPAA and HITRUST audit preparation.
- Real-time alerts helped IT teams remediate security risks before they became incidents.
2. Tabletop Exercises Led by an Agility Certified Business Continuity Planner
- Quarterly tabletop exercises simulated hurricanes, cyberattacks, and power outages.
- Cross-functional teams, including clinical staff, IT, and leadership, participated in real-world scenario testing.
- Exercises identified gaps in disaster response and cybersecurity incident plans.
3. Integrated Business Continuity & Cybersecurity Strategy
- The Agility Business Continuity Planner helped the facility update and refine its emergency response plans.
- Cybersecurity risks were incorporated into the overall disaster recovery framework.
- Post-exercise debriefs provided actionable recommendations to improve response time and decision-making.
Results: A Resilient Long-Term Care Facility Protected Against Natural Disaster and Cyberattack Interruptions
Since implementing continuous PTaaS and structured tabletop exercises for common regional events like hurricanes, flooding, and power outages, the LTC facility has achieved:
- 100% compliance with HIPAA, HITRUST, and CMS emergency preparedness requirements.
- Zero unpatched high-risk vulnerabilities in EHR and patient data systems.
- Improved emergency response times for hurricanes, power outages, and cyber incidents.
- Better staff preparedness through hands-on training and incident simulations.
Key Takeaways for Healthcare Organizations
For long-term care facilities in high-risk regions like Florida, a proactive approach to cybersecurity and disaster recovery is essential. Combining automated penetration testing with expert-led tabletop exercises ensures that both cyber and natural disaster risks are addressed.
- Continuous security validation with PTaaS to protect patient data and IT systems.
- Scenario-based training to prepare staff for real-world threats.
- Seamless compliance with HIPAA, HITRUST, and CMS requirements.
Being prepared is non-negotiable. Secure your facility, protect your patients, and ensure compliance with Agility Recovery’s tabletop testing and cyber resilience solutions.
Company Profile
- Industry: Insurance
- Company Size: Mid-sized regional insurer (500+ employees)
- Location: Headquarters in Chicago, with satellite offices across the Midwest
- IT Infrastructure: Cloud-based policy management system, on-premises file servers, VoIP phone systems
- Regulatory Compliance: SOC 2, PCI DSS, HIPAA (for health-related policies)
The Challenge: Phishing Attack Compromises Critical Systems
In early February, the insurance company fell victim to a sophisticated phishing attack targeting employees in the claims processing department. A fraudulent email, appearing to come from the company’s CFO, instructed recipients to log in to a fake security portal.
Within hours:
- Multiple employee credentials were stolen, giving attackers access to the internal document management system.
- Sensitive customer data (SSNs, financial details, and medical policy records) was exfiltrated.
- The company’s email system was locked down, preventing customer service representatives from accessing important policy information.
- VoIP phone systems were compromised, preventing inbound and outbound calls.
- IT security shut down key systems to prevent further spread, causing a complete halt in operations.
With customer data at risk, the company needed an immediate recovery plan to continue serving policyholders and mitigate reputational damage.
The Solution: Agility’s On-Demand IT Equipment & Data Recovery to Ensure Business Continuity
The insurance company activated its Agility Recovery membership, and within hours, a comprehensive IT recovery plan was deployed:
1. Immediate Deployment of Replacement IT Equipment
- Laptops and workstations shipped overnight to enable remote employees to resume work.
- Pre-configured cloud-based workstations deployed to access backup systems securely.
- Temporary secure email platform established to restore communications.
2. Secure Network & Communications Restoration
- Dedicated VPN and satellite internet provided for secure remote access.
- VoIP phone system replacement enabled customer service agents to assist policyholders.
- Multi-factor authentication (MFA) protocols enforced to prevent further breaches.
3. Data Recovery & Compliance Support
- IT teams worked with Agility to restore access to encrypted data.
- The company used Agility’s cyber tabletop exercise templates to refine its incident response plan.
- Compliance support ensured adherence to SOC 2, PCI DSS, and HIPAA standards during recovery.
Outcomes & Business Benefits
- Operations resumed within 24 hours, preventing major revenue loss.
- Customer support was restored, minimizing policyholder frustration.
- No regulatory fines or penalties—compliance requirements were met.
- Executive team used this incident to justify investment in ongoing cybersecurity resilience.
Conclusion
This phishing attack could have crippled operations for weeks, but with Agility’s on-demand technology and data recovery solutions, the insurance company recovered rapidly, protected its reputation, and minimized financial impact.
Key Takeaways:
- Fast IT Equipment Deployment—Laptops, servers, and workstations arrived within hours.
- Secure Connectivity Restored—VPN and satellite solutions enabled remote access.
- Compliance & Risk Mitigation—Adherence to SOC 2, PCI DSS, and HIPAA standards.
- Minimal Business Interruption—Operations resumed within 24 hours instead of weeks.