We are fully aware and are actively monitoring the Kaseya VSA attack. Both our security and executive team are in sync, reviewing and analyzing the situation since it surfaced. We are here with our customers to help you transform the way you get things done and want to do so with utmost security.
We have no reason to believe the Kaseya VSA attack impacts Syncro directly in any way. From the initial reports it appears that this was a remote system compromise of the VSA software and our technology stack is totally different from theirs. We have been on the lookout for any reports of ransoms from our user base but to date this has never happened on our platform.
We acknowledge that no platform is unhackable and all we can do is continually try to improve our posture any chance we can learn something new. Syncro is constantly improving our security. Our dedicated security team is implementing new secure engineering practices all the time. We have had 3rd party audits and pen tests in addition to regular feature reviews and a vibrant bug bounty program. In fact we just finished another pen test last month with no material findings. Our philosophy is not that you can never “become unhackable” but you must work to further security at all times and forever – and we will keep doing that – as our security interests and yours are well aligned.
As with the Solarwinds incident back in March of 2021, we will analyze with our security and engineering teams and see what proactive measures we can put in place to better protect us going forward. We will run similar scenarios and determine what mitigations or protections we could put in place in case hypothetical events were to take place against us.
If you have any information relevant to this incident that you think could impact our user base please reach out to firstname.lastname@example.org
-Troy, CTO & Rajesh, VP Engineering