More on the April 2024 Security Incident
How Sisense responded to the recent security incident and enhanced security and customer support.
In cybersecurity, it’s typically a question of when, not if, an incident will occur. Just this April, prominent companies including Microsoft, Air Europa, Palo Alto Networks, Okta, and 23andMe faced significant breaches, illustrating the pervasive challenges in our industry.
We all plan to avoid cyber issues. We fortify our systems, we engage cyber consultants, we train our teams to be vigilant and we never think the inevitable will happen to us.
At Sisense, we too recently confronted a security incident–the incident that impacted Sisense was not just an attack on our systems but on the trust that our customers, users, and partners place in us. In the two weeks since we first became aware of the incident, we have been focused on not only responding but also learning from this event and enhancing our awareness of the risks that bind us all in the digital age.
To ensure accurate information is publicly available, below are some key facts about the incident, and the key insights I’ve gathered.
The first 72 hours
During the first 24 hours when Sisense first became aware of the incident on April 9th, we immediately activated our response protocols, with relevant authorities. Further, we assembled a team of cybersecurity experts, launched an investigation to determine the cause and understand the impact, and notified all Sisense customers of the incident we were alerted to.
Over the next 48 hours, we initiated a variety of communications, including daily FAQ updates emailed to all customers, and conducted the first of three virtual customer town halls, all of which were focused on ensuring customers were apprised of the latest developments and our response efforts. As advised to our customers, Sisense also rotated all authentication credentials across the company and added enhanced monitoring to detect further unauthorized access.
Post the first 72 hours—a new perspective
After the shock of learning about the incident, an understanding that we are not alone in facing these challenges gave me perspective on dealing with this as a bump versus a tragedy. The recent breaches across various sectors remind us that cybersecurity threats are widespread. This understanding helps to focus on effective response strategies and view the incident as a surmountable challenge, especially pertinent for larger companies where such risks are an inherent part of operations.
Immediate response and the identification of affected customers
I knew an immediate response would be crucial, and that quick containment was critical in managing the situation effectively. As our investigation progressed, our team of forensics experts combed through the information and narrowed down the subset of potentially affected customers. Our evidence indicated that the information impacted in the incident consisted of incremental configuration backups related to only certain customers of the Sisense Fusion Managed Cloud product. We were able to ascertain that information related to customers of Sisense Fusion (on-prem) or Sisense CDT (also known as Periscope) products was not affected. Once identified, we immediately notified all customers whose information may have been impacted, ensuring transparency and proactive support.
Remaining consistent with communication
One of the most important factors we executed, and I learned was paramount, was maintaining consistency with our communications. We prioritized maintaining our customers’ trust through frequent updates, including video updates from me and daily FAQs, as listed above. Even when new information was limited, we kept the lines of communication open to reassure customers of our vigilance and commitment. This approach has been vital in preserving a trusted relationship during uncertain times.
Sticking to facts over speculation
One of the hardest aspects of the security incident was remaining patient as we waited for our investigation to reveal the facts. The desire for immediate answers was strong, but we committed to sharing only verified facts to maintain the integrity of our communications and the ongoing investigation. This approach ensured that all information shared was accurate and useful, prioritizing the security and needs of our customers. Often, customer obsession here means telling less, not more.
Identifying new leaders within our organization
This crisis highlighted the presence of hidden leadership across various levels of our organization, not just among those with formal titles. The commitment and initiative shown by team members during this time have been enlightening and inspiring, prompting us to further empower these emerging leaders and consider them for future larger roles.
Mitigation efforts and making our systems more robust
Protecting our customers’ data with the industry’s highest standards has always been a cornerstone of Sisense. Over the past two weeks, we have enhanced our security based upon what we have learned during the investigation. Some of the steps we have already taken include enhancing security incident detection and monitoring, rotating keys for our internal systems, and further restricting inbound and outbound firewall ports.
We are using this incident to further fortify our Fusion cloud platform, enhancing its security and scalability to better meet future challenges. This includes upgrades to our monitoring capabilities and the integration of cutting-edge technologies like XDR monitoring. The dynamic nature of cyber threats demands that we stay vigilant and adapt continuously, a process that not only improves our defenses but also keeps us humble and aware that there is always more to learn and room for improvement.
Learning from each challenge
As we move forward, our focus remains steadfast on supporting our customers and strengthening our defenses. We continue to provide our customers additional information as we navigate this incident and our customer success team has remained engaged with affected customers around the clock.
We encourage everyone to remain proactive about their security. For impacted customers, please report any suspicious activity related to your Sisense credentials, and if you have not already, reset any keys, tokens, or other credentials related to or used within Sisense products. Security is our highest priority, and together with our customers and partners, we will ensure a resilient and secure environment. We sincerely thank everyone for their continued trust and partnership in us–it inspires us to enhance our commitment to safeguarding our data and systems.
If you have any further questions or concerns, please do not hesitate to reach out to us at [email protected] or your Sisense account team.