Lessons Learned from the Rackspace Outage: Don’t Take Security for Granted

Key Points

  • On December 2, 2022, Rackspace experienced an incident that caused a massive outage for the company’s customers, leaving them without access to their email.
  • In response, Rackspace strongly recommended that customers move their services to Microsoft 365.
  • The incident at Rackspace reminds all companies of the importance of having a comprehensive cybersecurity plan.
  • Cybersecurity plans must be regularly updated and tested to ensure they reflect the latest industry best practices.
  • Companies should also consider investing in cyber insurance to protect against potential losses caused by a breach.

On December 2, 2022, popular managed cloud computing and hosting provider Rackspace experienced an incident that caused a massive outage for the company’s customers, leaving them without access to their email. Rackspace declared it a security incident the following day. In response, Rackspace strongly recommended that customers move their services to Microsoft 365.

On the morning of December 6, it was determined that this incident was caused by ransomware. Though Rackspace has revealed more information in the past few days, the cloud provider has yet to reveal whether they paid a ransom, who is behind the attack, or if customer data was compromised. However, from the information released, some credentials used within the environment have likely been compromised. Therefore, it is recommended that passwords used on Rackspace’s environment not be used elsewhere.

What We Know About the Rackspace Outage

On Friday, December 2, 2022, Rackspace became aware of an incident in its Hosted Microsoft Exchange environments. The services affected included MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and the Outlook Web Access (OWA) interface for accessing Hosted Exchange to manage email online. According to Rackspace, the issue was localized to a segment of their Hosted Exchange platform.

Rackspace provides impacted customers complimentary Microsoft Exchange Online Plan 1 licenses until the incident resolves. Comprehensive instructions for activating the free licenses and migrating mailboxes to Microsoft 365 can be found in Rackspace’s incident report. Customers are encouraged to review the information as soon as possible.

Rackspace customers seeking answers about the incident have reported long wait times and limited customer service. On Saturday, December 10, 2022, Rackspace released an update stating that it continues to work hard to provide the best support possible for its customers during the migration process. In the update, Rackspace revealed that as of Friday, December 9, more than two-thirds of its customers utilizing the Hosted Exchange environment had been successfully reconnected to their emails.

What Can We Learn From the Rackspace Outage?

The incident at Rackspace reminds all companies of the importance of having a comprehensive cybersecurity plan. While it remains unclear whether or not the ransomware attack could have been prevented, this incident illustrates how critical it is to have a plan in place that can quickly address and recover from an attack.

This incident also serves as a reminder of the importance of having reliable backups. While it is unclear whether or not Rackspace had adequate backups in place at the time of the incident, it is a reminder that all organizations should ensure that they have appropriate backups of their critical systems to minimize any potential downtime or data loss. This incident also emphasizes the importance of organizations understanding their responsibility for data security.

Organizations must understand their data security obligations as part of their IT risk management strategy and ensure appropriate measures are taken to protect customer data. There is no guarantee existing data in the Rackspace environment can be recovered. Customers should therefore plan for a transition without their previous data and look into alternative methods to retrieve any significant information. Small businesses and businesses that lack the proper resources to invest in security often suffer more from these types of security threats.

For example, businesses that lose data due to an outage or other security incident will typically endure a significant financial risk. Without a robust data security strategy to mitigate the risk of financial loss due to data breaches and other incidents, organizations could pay large sums of money to their customers and other parties.

Also, organizations can suffer significant reputational damage without backups of emails, customer data, and other important information. Some organizations never recover from an incident, especially if customer data is compromised. Therefore, businesses of all sizes must understand the value of their data and ensure that it is stored securely.

The Increase in Ransomware Attacks Further Highlights the Need for Response Plans

For any professional tasked with guaranteeing the dependability of vital cloud infrastructure, this is an excellent time to assess the use of existing hosting and reinforce incident response (IR) and disaster recovery (DR) strategies to be prepared for any outages or incidents. This proactive step will help ensure businesses are equipped with the best protection against potential issues.

Businesses should also consider their overall risk profile and ensure that the necessary measures are in place to protect their data and applications adequately. Business leaders should ensure that the appropriate staff has been trained to handle any incidents quickly and efficiently if they do occur. By proactively preparing, businesses can be confident that they have a comprehensive plan to help protect their cloud infrastructure.

Your IR and DR plans should account for scenarios in which your cloud provider is unavailable. Significant incidents involving cloud providers are rare, but they can still occur. Preparing for outages, even minor ones like normal service interruptions or tenant-level compromises, is essential. All IR and DR plans should factor in these risks and include procedures to mitigate their impacts.

Additionally, a disaster recovery plan should have failover mechanisms to ensure continuity of service in the event of an outage. Comprehensive monitoring of cloud services is also important to ensure that any interruptions are quickly identified and addressed.

Questions to Answer While Creating Your Response Plans

Thinking and planning ahead can make all the difference when incidents occur. When creating your response plans, be sure to answer these questions:

  • What steps should be taken in the event of a ransomware attack?
  • What measures can be put into place to protect customer data?
  • What backup measures should be taken to minimize downtime?
  • Are all staff members adequately trained in incident response and disaster recovery protocols?
  • What steps should be taken to ensure continuity of service if a cloud provider is unavailable?
  • How will monitoring be used to identify and address outages?
  • What communication strategies should be employed to update stakeholders on the status of an incident?

A clear and comprehensive response plan will help ensure that your organization is ready to face any potential challenges and minimize their impact. By planning and staying up to date on the latest security measures, you can ensure that your data and operations remain secure. Answering the above questions will help you create a plan to protect your business and customers against potential threats.

Protecting Your Data From Security Threats

Organizations and individuals must proactively protect their data from various security threats. Common threats include ransomware, malware, phishing scams, viruses, and denial-of-service attacks. Businesses should ensure that all of their systems are updated with the latest security patches and software updates. They should also develop a culture of security to ensure that all staff members understand best practices for data protection.

Additionally, organizations should implement strong authentication measures such as two-factor authentication to help protect against malicious actors. Businesses should also ensure that their data is securely backed up and stored in an offsite location. This is important in case of a security incident, as it ensures that data can be quickly recovered without starting from scratch. By taking the necessary steps to protect their data, businesses can be confident that they have taken the appropriate measures to secure their cloud infrastructure.

Wrap Up

The Rackspace incident understandably caught its customers off guard. However, it also serves as a reminder of the importance of being prepared for any potential outages or security incidents. One outage can have devastating consequences for an organization, so it is important to ensure that your cloud infrastructure is secured and prepared for any eventuality.

Backing up your data can protect your business from security threats such as:

  • Data deletion
  • Legal liability
  • Reputational damage
  • Financial loss

The incident at Rackspace highlights the importance of proper planning and preparation for any security incident. A good response plan should include a comprehensive assessment of the organization’s security posture, risk management strategies for identifying and addressing threats, and a tested and proven incident response process. It should also include a robust capability to detect suspicious activity, investigate incidents, and report findings.

When you review your response plan, will you be confident that your business is ready to face any security incident? With the right tools, people, processes, and technology in place, your organization can be confident that it is prepared to respond quickly and effectively in the face of cybersecurity incidents. The key is planning, preparing early, and staying ahead of the ever-evolving threat landscape.
