Amanda Groves, principal at Groves Law in Waterdown, Ontario, Canada, did something we all do every day: She clicked a link in an email from what appeared to be a trusted source. The link led to a SharePoint site that requested login information -- unfortunately, Groves fell for a cleverly disguised link in a phishing email.
For all the security awareness training, warnings and advice on how to avoid being a victim of these attacks, they remain incredibly common and successful. IBM research showed that phishing scams are the leading initial attack vector, responsible for 41% of incidents. And according to GreatHorn, 57% of organizations face phishing scams weekly or daily. Nearly 1.2% of all emails sent are malicious, accounting for 3.4 billion phishing emails daily.
And human error continues to play a significant role, contributing to 74% of security breaches, according to the Verizon Data Breach Investigations Report (DBIR) 2023.
Meanwhile, CSO Online reports that 80% of security incidents are attributed to phishing, with losses totaling $17,700 every minute due to these attacks.
"Amanda Groves, as an attorney, has plenty of confidential information about clients and their cases. And what happened was that she, like many others, fell victim to an attack," said Dan Candee, CEO of Cork. "In a credential phishing attack like this, the attackers have somehow tricked the human on the other side to put their credentials into a system which then exposes data. Amanda is like so many other people in that she thought it was 'friendly,' and she did as she requested, and she exposed over 10,000 records into SharePoint," Candee told ChannelE2E.
From Attack to All Clear in 39 Minutes
But what could have been a horror story instead has a happy ending, because Groves Law's MSP, Birmingham Consulting, is a customer of Cork. Thanks to Cork’s cyber risk insight platform, Scott Birmingham, CEO of Birmingham Consulting, and his team had already flagged unusual activity in Groves’ account, noticing suspicious logins and Duo push notifications from unfamiliar locations.
Birmingham read the alerts correctly, mobilized to address the situation and, 39 minutes later, Groves Law was secure, Candee said.
"They jumped into action, locked down the compromised account -- everything was quarantined, secured, and they verified that nothing had actually gone out to the attackers," he said.
What is that kind of fast incident response and remediation worth? For Groves Law, it's priceless. Especially because, as Candee explained, the firm's cyber insurance policy excluded remediation services.
"What [Birmingham] did would have been an out-of-pocket cost, and it would have taken valuable time," Candee said. "You have to get in touch with insurance, figure out what happened, how to fix it, and how to pay for it -- that would have been out of pocket for Birmingham. Instead, Birmingham was able to do what they needed to do to get their customer back to business because they weren't worried about 'Where is the money gonna come from?'" he said.
Cork's Cyber Warranty Closes the Gap
Here's how it works. Cork's detection engine includes more than 40 integrations that cover 93% of EDR, MFA, backup and other such solutions, Candee said. These API-based agentless integrations work with an MSP's existing technology stack and can give an MSP insight into a client's entire environment within about 30 minutes.
Candee said Cork is adding approximately three to four new integrations per month as the company grows and plans to hire additional engineers over the next six months to keep building out the platform. The Cork platform also links to CIS controls and NIST compliance standards, among other frameworks, to help MSPs map clients' security posture to best practices.
That means the engine can detect weak points and vulnerabilities in security posture and alert an MSP that they should address those risks. It reduces the size of the attack surface to help ensure customers follow compliance mandates and security best practices.
"We're making significant improvements and investments leveraging AI and ML, too, because we have such immense books of data on what incidents look like across multiple vendors," Candee said. "We have propensity modeling to see where the bad guys like to attack in what areas and what technologies, so we're able to anticipate some of those things and inform our customers what to pay attention to." He added that, over the last six months, Cork's core platform identified more than 1.3 million incidents that were yellow- and red-flagged and informed partners about those risks.
If an incident occurs, like what happened to Groves Law, MSPs have the technological and financial freedom to spring into action.
Cork's cyber warranty service issues an e-credit card that MSPs like Birmingham can use to immediately cover expenses. In this case, Birmingham had access to $10,000 for covering incident response and advisory services -- and even covered pizza for the Birmingham team.
"We cover all of those things and more, happily," he said. "And what it results in, in this case, was zero dollars for the client and 100% coverage of time and materials for the MSP. That means she remained secure and compliant, and it's almost like the mistake never happened," Candee said.
For Birmingham, Candee said, the value goes far beyond just the monetary.
"Now, our partner is a partner for life with this client of theirs because she didn't have any business interruption, and her out-of-pocket expense was zero. And when it comes to outcomes, that's the thing we all dream of," Candee said.