Ukraine is changing the way we need to think about cybersecurity.

CISA (the Cybersecurity and Infrastructure Security Agency) is warning organizations that Russia’s invasion of Ukraine could include malicious cyber activity against the U.S., and has stated that “evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks”. CISA asks that organizations report any malicious cyber activity. Additionally, during this time, every organization should adopt a heightened cybersecurity posture so that it is prepared to respond in the event of a cyber incident.

CISA provides recommended actions and resources to reduce the likelihood of a cyber intrusion, quickly detect a potential intrusion, and ensure the organization is prepared in the event of an incident. These actions include, but are not limited to:

  • Require MFA for all remote, privileged, or administrative access to the organization’s network.
  • Ensure all software is up to date (prioritizing known exploited vulnerabilities identified by CISA).
  • Disable all ports and protocols that are not essential to the business.
  • Confirm the organization is protected by antivirus/anti-malware software and update signatures in the tools.
  • Routinely test backup procedures and have an incident response plan in place.
  • Conduct employee awareness training to educate all personnel on how to prevent and spot a cyber-attack and improve your organization’s overall digital wellness.
  • Do not click any links that seem suspicious.

If you have been neglecting your digital hygiene, now is the time to get back on track; CISA advises organizations to plan for the worst-case scenario. Reference the recommended actions and materials provided by CISA, and keep your organization educated and up to date on the potential risks and the importance of digital hygiene at this time.

The Importance of Cybersecurity in the Healthcare Industry

The healthcare industry has been digitally transforming over the past few years, especially due to the global pandemic. With this increase in technology comes an increase in risk and greater difficulty protecting patient privacy. Healthcare providers already have many crucial components to manage, such as patient privacy and care, as well as numerous compliance obligations and regulations. Now that cyber-attacks are on the rise, healthcare providers are also working to keep their data and systems secure, but cybercriminals are taking advantage of this busy time.

Cybersecurity is a bit different and more complicated when it comes to healthcare and medical data. There are more digital systems than we typically realize. Patients fill their prescriptions and schedule appointments online. Not to mention heating, ventilation, and air conditioning systems, infusion pumps, and many other systems that can be compromised by cybercriminals. The impact of a ransomware attack on healthcare data will be much larger than in most other industries because the data is extremely sensitive, and lives depend on it.

According to Deloitte experts, the primary concerns for the healthcare industry are phishing, man-in-the-middle attacks, attacks on network vulnerabilities, and ransomware. To combat these types of attacks, clinics need to incorporate employee cybersecurity training, so that employees are educated on digital hygiene and know how to spot a threat. Clinics should also focus on data usage control by monitoring, blocking, and logging any malicious activity, as well as implementing strict access rights based on least privilege. Additionally, with mobile phones, apps, and other devices being more commonly used by administrative personnel, it is crucial to monitor any remote devices and disable any nonessential accounts. Businesses in any industry should be incorporating MFA, regular backups, and regular software updates.

The healthcare industry is growing rapidly, and so are cyber threats. If clinics can execute these security measures and keep up with them, they will be in a much better place to withstand any threat that arises and keep their data and patients secure.

How Phishing is Leveraging Social Media

Social media platforms like LinkedIn, Twitter, and Facebook, as well as simple text messages, have become a popular vector for phishing attacks. As phishers step up their scams, organizations need to keep their employees informed on how to spot them.

LinkedIn

LinkedIn is widely considered a trusted domain. This means that malicious emails that leverage LinkedIn most likely will not get blocked by your anti-spam and malware filters. The “redirect” feature for businesses on LinkedIn, which allows you to track ad campaign performance, can unfortunately also be used by hackers to redirect users to phishing scams. If you are unsure whether a message is legitimate, take a pause and do your own research on the site or service in question.

Twitter

You may have heard of the July 15th Twitter hack that compromised high-profile, verified Twitter accounts. This phishing attack sent out fake tweets with links to a phishing site designed to steal cryptocurrency. Although people were scammed out of money, it could have been much worse, and information could have easily been stolen. If this type of scam can happen to celebrities, political leaders, and large corporations, it can happen to anyone.

Facebook

Earlier this year, Facebook users were warned of phishing campaigns disguised as Messenger chats. When it comes to Facebook, if you are getting unprompted messages from friends or people you know, asking you to click a link or provide any information, just ignore it. If you think it may be legitimate or important, reach out to that person with another means of communication and ask them to be sure.

SMS

As if social media scams weren’t bad enough, mobile phishing scams are becoming more popular than ever. With all the buttons and ads that pop up on your phone, it can be easy to let your guard down when it comes to mobile phishing scams. Then there is SMS phishing, which can install malware on your device and take significant control of your device’s functionality. If you receive a suspicious text message, do not open it, and absolutely do not click on any links.

All it takes is one click for a hacker to compromise your device. Mobile security should be a top priority for any organization. With more employees using mobile devices for work and having social media apps such as LinkedIn on their phones, organizations need to step up their anti-phishing capabilities to keep users secure no matter what device they are working from. Organizations should include regular security awareness training to help employees understand these threats and how they target individuals and businesses. Phishing can come from any source, so treat every unexpected message or link you come across with suspicion.

Log4j: FTC Warns Organizations They May Face Legal Action

The Federal Trade Commission (FTC) released an alert warning companies that they may face legal penalties if they aren’t taking the proper steps to mitigate Log4j vulnerabilities and protect consumer information. Earlier this month, FTC officials said there is a “severe risk” to consumer products, software, and applications caused by a vulnerability in the Java logging package. This vulnerability is being exploited by hackers, and it is critical that vendors who rely on Log4j take the proper precautions to reduce their likelihood of an attack.

An example of this is the Equifax breach, which was caused by failing to patch a known vulnerability. Because of this vulnerability, the personal information of 147 million consumers was left exposed. Equifax paid $700 million to settle actions taken by the FTC. The FTC intends to pursue any companies that fail to take steps to protect consumer data from exposures caused by Log4j, or similar vulnerabilities that may occur in the future.

The FTC advises companies to keep their Log4j software package updated to the most recent version and to reference the Log4j Vulnerability Guidance provided by CISA. This FTC alert is a wake-up call to many companies that cyber threats are evolving, and so are the security requirements and the legal actions that will be taken if they do not take the proper steps to protect consumer information.

Can Employee Personalities Interfere with Security?

A company’s employees can often be seen as a weakness in terms of cybersecurity. In fact, according to the Verizon Data Breach Investigations Report, 3 out of the top 5 threat actions involve human risk. We all have biases in our thinking that can create risky behavior. Some even argue that there is a connection between employee personalities and security.

The traits with the highest correlation to information security behavior (positive or negative) are risk taking, openness, agreeableness, and conscientiousness. For example, employees who score high on conscientiousness are less likely to engage in risky behaviors and vice versa. Employees who are natural risk takers and tend to engage in sensation-seeking activities may take chances when it comes to security.

Personality tests like Myers-Briggs and DISC have been used by organizations for screening and training purposes for years. How should an organization use these tests for cybersecurity purposes? There are no definitive answers, but here are a couple of thoughts:

  1. Build processes that create healthy behaviors. Well-documented procedures for systems administration or development, with a solid change management process, automated testing tools, and peer review, are examples of methods to ensure that proper behaviors are deployed consistently and non-compliance is minimized. Pilots with decades of experience still use checklists to inspect planes, take off, land, and taxi; your IT team should as well.
  2. Install tools that minimize the impact of non-compliance. Tools such as multi-factor authentication, email and web filters, and endpoint detection and response (EDR) can go a long way to mitigate non-compliant employee behavior.
  3. Conduct role- and behavior-based security awareness training. Best practice states that an organization should provide security awareness training particular to the role the individual plays in the organization. Consider paying particular attention to training those with non-compliant tendencies.
  4. Ensure that there are proper incident response procedures in place. Even with a fully “compliant” staff from a cybersecurity perspective, stuff happens. Make sure you have a solid incident response plan and are testing it on at least an annual basis.

Finally, the most important area the organization should focus on is leadership and governance. Spend some time thinking about the personality of the organization’s culture and how it can positively or negatively impact risk behavior. Remember, people will tend to mimic the leadership’s style in everything they do, including cybersecurity behavior. Whether that’s a good thing or not is up to you.