Situation
A leading supplier of food ingredients and products with locations in the United States and Canada experienced a large-scale cyberattack, shutting essential systems down and stopping operations throughout the multi-facility organization. RSM had provided infrastructure consulting services previously to the business and was a well-known advisor to the client. With all support systems down at the time, one of the RSM professionals received an urgent text message from the vice president of finance and operations indicating help was needed immediately to avoid further business interruption.
Solution
The RSM team quickly responded by meeting with the client to assess the situation and to identify what was needed to address the cyberattack. It was determined the actual attack was of a ransomware variety. Experienced team members were quickly assembled, including enterprise resource planning (ERP) consultants, security and privacy leads, infrastructure consultants and more. Key to addressing the attack was to restore the client’s ERP systems, which was done quickly. Subsequently, the team rebuilt the company’s infrastructure to restore the client’s entire online production environment.
In the hours that followed, the RSM team assessed and remediated many issues and potential risks throughout the environment. One of the more critical areas was to restore the client’s SharePoint environment, which was deemed an important system for the client’s efficiency and functionality. It was a big win once that was operational. In the days that followed as operations returned to functionality and business as usual, the RSM team continued to monitor systems.
Overall, the client required help with building their security program. RSM got things started with a rapid assessment and road map development. The rapid assessment included a maturity benchmark for the program and then penetration testing to identify flaws that needed to be remediated.
Results
Basic business operations were restored within hours once RSM was on the scene. Full functionality was restored in days, and this was done during the Christmas–New Year holiday. Other results included:
- The client continues to be free of cyberattacks.
- A full incident report was provided so the client could determine key preventive measures going forward.
- Recommendations for security-threat solutions were provided to the client to mitigate any future attacks, protect data and monitor potential risks.
- The client benefitted from RSM’s cross-functional team, including consultants from ERP, infrastructure, risk advisory, security and privacy and more, all working holistically and optimally for the client.
- The quick response of the RSM team reduced further damage to the client, which in turn helped to protect sensitive data, reduced further business interruption and controlled overall costs of the attack.
- The team demonstrated first-choice advisor traits by being collaborative with RSM professionals and the client, showing quick critical thinking to assess and address the cyberattack, while also demonstrating commitment and care of the client and our long-term relationship with them.
- The client was provided an actionable road map to continue to develop its security program to prevent this type of attack and be flexible to prevent new types of attacks as they grow.