Let’s get one thing out of the way quickly: Ray Arambula does not consider this story his most perfect, shining moment. But what it does represent instead is a perfect example of how cybersecurity requires every single person in an organization to know that mistakes do happen, and we’re all responsible for what happens when they do.
Arambula, who now serves as the director of information technology for the American Association of Respiratory Care, was working at the American Society for Radiologic Technologists. Back then, he was the IT operations manager, already focusing on more managerial duties rather than hands-on day-to-day operations.
When a routine project came up — standing up a new server — but the association’s network administrator was out on vacation. Instead, Arambula stepped up to handle the task.
“I decided, I’ve done this many times. I used to do this day in and day out, so I can totally do it. I can take care of it no problem,” Arambula recalled. “I stood up the server, had a checklist, got it configured and got it set up based on what I remembered from the checklist. I got the application installed, and everything was working just fine.”
Just fine, that is, until it wasn’t.
About eight hours later, there was ransomware on the association’s network.
Arambula noticed it when he was looking around for certain files and found them locked.
“There was a nice friendly note saying, ‘we will unlock your files for a certain amount of bitcoin, send to this address to get started,’” Arambula said. “After doing some initial investigation after the first 5 minutes of freaking out, I noticed it was ransomware and immediately told my boss.”
The question then was, how does this happen?
“I had to put my head down, say it was my fault,” Arambula said. “I’d forgotten to put antivirus software on the server, which was part of the checklist and I ignored it because I’d done it so many times that I knew what to do. I knew that had to be done, but I was in a hurry and just forgot about it.”
Luckily, Arambula was able to get everything sorted out thanks to the routine collection of backups, and the end user was never the wiser. Everything was back to normal within another eight hours or so. But the lesson Arambula learned more than lasted.
Checking lists and following procedures set in place to protect your organization — and yourself — from cyber attacks are critical steps to do your part because no one is perfect all the time. And it’s key to have those backups for when mistakes do happen. Simply believing in cloud data management isn’t good enough, especially as technology continues to change and advance.
“With any trend, it’s important to think, what’s the security footprint on this? And think, OK, what happens if we are breached or this type of application is breached or this type of platform is breached?” Arambula cautioned. “Think in terms of not ‘if it happens’ but ‘when it happens,’ and build a plan from there.”