Yet Another On-Premises Exchange Server Hack Reported

You’ve most likely heard that Colonial Pipeline out of North Carolina fell victim to ransomware last week, which forced the company to take down its systems and thus halt the pipelines. Colonial Pipeline is responsible for transporting 100 million gallons of fuel every day. Forty-five percent of all fuel on the East Coast comes from this pipeline. As the FBI investigates this attack, news is rolling out that the attackers used a known vulnerability with on-premises Microsoft Exchange servers.

Exchange Online is the safest option

These news reports coming out of the Colonial Pipeline breach highlight the importance of taking cybersecurity seriously. It is critically important that organizations take key steps to protect their assets and data from bad actors and insider threats. While we could provide numerous security recommendations around this scenario, there are a few key recommendations we wanted to specifically highlight.

First and foremost, we recommend moving from using on-premises software to using Microsoft 365 in the cloud and running Exchange Online. Both Microsoft 365 and Exchange Online will be kept up to date with the latest patches from Microsoft because Microsoft is responsible for maintaining both of the offerings. Other key recommendations include implementing both effective network segmentation and multi-factor authentication.

The Sikich IT Solutions and Cybersecurity team can assist organizations experiencing active data breaches. We have a unique skillset that allows us to help organizations prepare for threats, assist in implementing additional safeguards, or even manage network and security efforts on the organization’s behalf.

If you’re ready to move to Exchange Online or beef up your cybersecurity with an on-premises server, please contact us at any time.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

About the Author