A gaming company suffered a hack and points the finger at its service provider.
It's the headline that keeps MSPs up at night. So let's dig in...
In this brief post, we will:
Razer, a Singapore and US-based gaming hardware company, was hacked in September of 2020.
Today, they are in trial against Capgemini, the behemoth IT services company. Razer is suing for millions in losses related to the hack.
Razer collects vast amounts of data and wanted to put their data to productive use. They company needed a platform to collect and process enormous amounts of data, coming in from multiple sources.
That's when Capgemini got the call.
Their advisors at Capgemini did what they do well and came up with a solution to Razer's challenge. That solution was implementing the ELK Stack internally. (ELK stands for Elasticsearch, Logstash, and Kibana.)
With this implementation, the company would have a platform to ingest, search and visualize their data.
But then there was a problem.
Razer contends that their consultants did not properly configure security settings, exposing vast amounts of data to hackers.
Razer got hacked.
The company claims that they got hacked precisely due to this misconfiguration.
This led to millions in losses and, not surprisingly, a very large lawsuit.
For those interested in diving deeper on the details, you can find those here. Meanwhile, we're going to turn our focus to the takeaways for MSPs.
This story is a reminder that you need to take all reasonable steps to eliminate opportunities for mistakes.
The terms of your contracts and SLAs mean a LOT. These can dictate your liability after an unfortunate event like this. There are even stories of insurance companies going after MSPs when one of their clients gets breached.
After a compromise, things can get very ugly, with lots of blame and finger pointing going around.
One key to reducing risks is automating any services you can - safely.
We hear it a lot from Partners who admit that they've not fulfilled 100% of their product or SLA obligations. It's really hard!
At INFIMA, we take the workload of one of those products off your plate with fully automated Security Awareness Training.
We wish we could automate your entire stack so you could spend your time sending us selfies from the beach.
Alas, we can't do that (yet).
We certainly can take this hours-long burden off your plate.
INFIMA simply makes it easy to provide a complete, fully automated Security Awareness Training program.
If you're an MSP and want to learn more, go check out how we work with Partners here. If you like what you see, book a time to chat!
Photo by Pixabay
Join the newsletter to receive the latest updates in your inbox.