Happy and unhappy smiley faces

Hackers Wiped The Smile Off Of Their Faces

Introduction

This is the true story of a business with seemingly everything going for it, a company on a trajectory of growth. Maybe it was their fame that attracted the hackers, perhaps not―but they came nevertheless.

The SmileDirectClub’s Cybersecurity Incident

SmileDirectClub (SDC) offers teledentistry services throughout the world.  They produce and sell transparent retainers that fix crooked teeth with a 60-75% market share. In early 2021 they posted substantial numbers, and considering the previous year with the pandemic―they were poised for a great future.

Then tragedy struck. According to a filing with the Securities and Exchange Commission, SmileDirectClub experienced a systems outage caused by a cybersecurity incident on April 14, 2021. A ransomware attack was the cause.

The details are scanty, but it appears their IT Team responded quickly and isolated the affected systems. SDC brought in forensic technology firms to help and evaluate the damage. The filing also states that SDC’s systems are back online and performing normally. SDC did not pay the ransom.

A best-case scenario―you would think.

Strong Negative Consumer Reaction To The Breach

Despite the news that SDC handled the breach well and did not pay the ransom, revenues dropped from the $205-215 million range down to $10-15 million. Their stock soon followed.

Even though SDC has a strong security posture, people were concerned enough to stop doing business with them. Is it fair? NO! But it is reality.

Bottom line: you can’t stop customers from making negative assumptions after such an incident, even though the company had the best outcome possible. A single breach can be the “kiss of death” to a business.

The SmileDirectClub incident is proof that preparation is only part of the equation.  Businesses need to work harder to prevent breaches from happening in the first place.

Steps For Businesses To Take To Prevent A Breach

  • Follow a set of security protocols for your business, such as NIST.
  • If you don’t have your own IT department, then sign up with a capable Managed Services Provider (MSP) like XSolutions to manage your entire network, provide Help Desk Support, and advanced Security Services.
  • Have a written Backup Disaster Recovery Plan and make sure everyone knows their role. If you don’t have one, download our free template for immediate access.
  • Employ advanced security measures, including EDR, Firewall & EDR Synchronization, SOC, SIEM, Vulnerability Scanning, and On-call Incidence Response Team.
  • Have a comprehensive cyber-insurance policy in force.
  • Employ a comprehensive Business Continuity solution.

If A Breach Should Happen

Despite taking all of the above measures, a breach can still happen. No system is 100% foolproof. That’s why you need a failsafe.

All businesses should have a Hybrid-cloud Business Continuity system in place. Stop messing around with data-only backup. Yes, it saves your data, but a data-only backup cannot guarantee fast recoveries. When disaster happens, time is your chief enemy.

A Hybrid-cloud Business Continuity solution will:

  • Include an image-based backup for faster recoveries.
  • Have instant onsite fail-over to restore server functionality from an onsite local device quickly.
  • Save your backups to two geographically dispersed data centers for redundancy.
  • Give you bare-metal restore capability so that you can restore systems on different hardware.
  • Employ daily backup verification, ensuring your backups are viable and available.

Conclusion

Breaches, like hackers, are here to stay. They’re getting more sophisticated and bolder. As technology advances, so does cybercrime. They go hand-in-hand.

Be prepared. Don’t be “low hanging fruit” for cyber-criminals. Have a plan, harden your network, and think about Business Continuity (not just saving data).

XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection. Call (845) 362-9675 for a free consultation.