Weekly Video: December 12, 2022

12–12–2022 (Monday)

Hello and welcome to another edition of Cyber Risk at Deal Speed, your weekly video update on the one big thing in cybersecurity for private equity investors and portfolio company management teams.

I’m your host, Shay Colson, Managing Partner for Cyber Diligence at Coastal Cyber Risk Advisors, and you can find us online at coastalcyber.io.

Today is Monday, December 12th, and this week’s One Big Thing is ransomware. Specifically,

  1. What can we learn from Rackspace’s Hosted Exchange ransomware incident?

Let’s jump in.

Rackspace Email Goes Down, Hard

Starting on December 2nd - now 10 days ago - hosting and managed services company Rackspace began experiencing outages on some of their email environments.

Rackspace has a fairly significant hosted email business, and by the end of the day on 12/2 had shut down their entire Exchange environment.

Over the next couple of days, they remained vague in their communication about the cause of the outage, and worked to migrate customers over to Microsoft 365 for email.

Four days later - on 12/6 - Rackspace finally confirmed that the incident was ransomware, but remains vague - even to today - about whether they paid a ransom, and how the attack was perpetrated.

Ten days into the incident, more than 1/3rd of their impacted customers (“tens of thousands,” according to the company) are still without email, and many are likely to lose their email data permanently.

I think we should give Rackspace at least some credit for their transparency throughout the incident, but they are already facing several class action lawsuits and at least one researcher has suggested that Rackspace hadn’t updated their versions of Exchange to address a known vulnerability over the summer.

So what should we take away from this incident as operators and investors?

  1. Renewed Emphasis on Third Parties. If “third party cyber risk” isn’t something being talked about by your C-Suite and Board, this should be the catalyst. Unfortunately, I suspect even a very thorough security review of Rackspace wouldn’t have identified this issue, but that doesn’t mean we shouldn’t get better at assessing risk in our third parties, especially those that provide business critical services.

  2. Backups. While not being able to send and receive emails is certainly problematic, Rackspace offered each user a 100GB mailbox - and we all know how critical “old emails” can be to businesses. In most businesses, email is the system of record - and to lose that, all of it, overnight - is tremendously impactful. Businesses need to consider what data is critical to their operations, and whether it’s being appropriately archived in a cadence and manner that’s going to be available if and when needed.

  3. Response Plans. When I run tabletop exercises for clients, it can sometimes feel silly to include a scenario where you lose all your email for a week, or longer. But not anymore. What will you do if your communications channels are disrupted? Do you have a plan in place? Do you have the data and numbers and addresses you need? I think we don’t realize how reliant we are on email until it’s gone. Make a plan now, so that you don’t get caught in the scramble with tens of thousands of other customers trying to migrate to M365 overnight.

  4. “Best of Breed.” I think we’re going to see a consolidation to the largest players in this space (Microsoft and Google), and in other spaces. This sort of an incident will likely sour many medium and large enterprises - and even small enterprises - on the idea of working with a second-tier provider of a critical service.

Some are noting that this event is likely the largest successful ransomware attack on a cloud service provider, which may very well be true. It’s unfortunate that Rackspace is going to have to be the poster child here, but it will certainly raise quite a few may push some systemic responses to ransomware.

Fundraising

From a fundraising perspective, last week saw a record announcement from Thoma Bravo, and a weekly total of more than $41B in newly committed capital.

And, we’ve seen Thoma Bravo put that war chest to use, already committing to buy Coupa Software for $8B.

We are now looking at nearly $200B in raised cash for Q4, which is really quite something. I suspect we’ll hit that quarter trillion mark for the quarter in a year end sprint.

Best of luck to all the firms with new capital to deploy!

You can find all the links to the stories we covered in the comments section below, find back issues of these videos and the written transcripts at cyberriskatdealspeed.com, and we’ll see you next week with another edition of Cyber Risk at Deal Speed.

Links

https://status.apps.rackspace.com/index/viewincidents?group=2

https://www.expressnews.com/business/article/Another-class-action-lawsuit-filed-over-Rackspace-17640869.php

https://doublepulsar.com/rackspace-cloud-office-suffers-security-breach-958e6c755d7f

https://www.barrons.com/articles/deere-caterpillar-cnh-heavy-machinery-electric-51670691334
