- Kaseya appointed former FBI agent Jason Manar as CISO, according to a company announcement Monday. Manar most recently served as a cyber supervisory special agent within the FBI, where his responsibilities included overseeing cyber and counterintelligence in the San Diego office.
- The company worked with Manar during the response efforts following July's ransomware attack. Kaseya was "so impressed with his qualifications and handling of the situation that we asked him to join Kaseya as CISO," CEO Fred Voccola said in the statement.
- During the response efforts mid-July, the company tapped Karen Sandhu as director of security operations, to oversee security in the cloud, IT and development, and assurance in Kaseya's products and services.
In a supply chain cyberattack, the REvil ransomware group targeted the IT monitoring firm leading up to the July 4 holiday weekend. The malware directly compromised at least 50 customers using the on-premise version of its Virtual System Administrator (VSA) software, while fewer than 1,500 downstream customers were impacted.
Kaseya did not pay the $70 million ransom demand, which was later reduced to $50 million, after it obtained the universal decryptor from a third party by July 22, the company said. Shortly thereafter, REvil vanished from the internet.
CISOs that come in on the heels of a cyber incident are typically ones that thrive in turbulence, according to Forrester. These types of CISOs don't mind the possibility of becoming "the punching bag" for future vendor presentations.
Companies with existing CISOs typically hold onto them during recovery. Manar is expected to oversee Kaseya's information security and compliance, with the added responsibility of ensuring government compliance globally.
Prior to the July ransomware attack, Kaseya had a CTO, Dan Timpson, but no CISO. Its former CSO and SVP of Operations, Rick Orloff, left the company in June 2020. Timpson is responsible for product development, security and cloud operations, according to Kaseya.
Former Kaseya software engineers and development employees criticized the company's executives for failing to address security concerns — namely outdated code and weak encryption practices, Bloomberg reported in July. One employee told the publication, "Kaseya rarely patched its software or servers and stored customer passwords in clear text … on third-party platforms, practices the employee described as glaring security flaws."
Because the VSA software had multiple exploitable vulnerabilities, REvil revisited the company, according to the Bloomberg report. The former employees knew of at least two more incidents in 2018 and 2019 from GandCrab and Sodinokibi, the former being REvil's original group moniker.