author photo
By Bruce Sussman
Tue | Feb 12, 2019 | 10:57 AM PST

An email provider with the tagline "Making email safe for the masses" says hackers have wiped out its entire U.S. database—with no indication of a ransom demand. 

Just destruction.

VFEmail tweeted "Every VM is lost. Every file server is lost. Every backup server is lost."

hackers-wipe-out-email-company

The company also revealed this information on its website: "We have suffered catastrophic destruction at the hands of a hacker, last seen as aktv@94.155.49.9," and it claims to have caught the hacker in the act:

hacker-caught-in-the-actThe tweets garnered replies showing customer support because of the transparent approach to incident response communication.

[RELATED: Lessons from Wells Fargo: Is Communication Part of Your Incident Response Plan?]

However, many in InfoSec find a great deal of irony in this attack.

VFEmail claims to boost your cybersecurity by scanning every email before it gets to your inbox. But what about the company's own data security?

Chris Morales, head of security analytics at Vectra, puts it like this:

"The first thought that comes to mind is this is a service being sold as a secure email. The second is that if this is secure email then where are the offline backups and archives? Offline backups might not give a full restore to the exact date data was lost, but it would prevent the complete loss of all historical user data. Offline backup is the same strategy organizations are using to counter loss from ransomware."

Cyber risk is business risk

One thing we've heard repeatedly at SecureWorld cybersecurity conferences across North America is that cyber risk is business risk. 

And when it comes to small companies like VFEmail, hacks and cyber attacks can prove fatal.

So why aren't SMBs doing more for cybersecurity? Here are three reasons we've come across:

  • A lack of awareness: "Leaders believe the company has nothing of value."
  • A lack of resources: "One IT or security employee has to do it all."
  • Security as an afterthought: "Push out slick new ways to serve the customer, then we'll secure it."

Hopefully, stories like this will help motivate a change in the overall SMB security posture in 2019 and beyond.

[Free training resource: SecureWorld 2019 cybersecurity web conferences

Comments