Is your Business at Risk from an Advanced Persistent Threat?

More than a single hacker or thief trying to take advantage of your business or steal information about your customers or products, the Advanced Persistent Threat is the super-villain of the hacking world, and it needs to be prepared for accordingly.

Defining the Advanced Persistent Threat (APT)

An APT, or Advanced Persistent Threat, is a sophisticated and coordinated network attack that allows an intruder to gain access to a network and remain there, undetected, for a significant amount of time. The typical goal is data theft, so APT operators set their sights on organizations that hold valuable data: government agencies, financial institutions, and other businesses dealing with high-value information.

The Navy recently detailed the five stages of a cyber intrusion. 

A recent piece in Wired magazine highlighted the growing number of Romanian cyber criminals who have focused on stealing from US consumers, at a rate the piece puts at over $1 trillion each year. Unlike the stereotypical hacker who lives and works in his mom’s basement, these cybercriminals have learned to band together and collaborate. Such collaborations, in Romania and around the world, let a team of criminals work together, increasing their potential gains while reducing their risk of prosecution by local law enforcement.

While these cybercriminals cause headaches for consumers, they rarely launch large-scale attacks against business organizations. Nation-state-sponsored espionage teams engage in the same sort of collaborative effort as their consumer-swindling counterparts, but they focus on long-term gains and results. These groups are the ones usually identified as Advanced Persistent Threats, and, as the name indicates, they are both skilled at infiltration and likely to make repeated attempts to damage your organization.


Since APTs are cloaked in secrecy and their operations vary, learning how they operate and how they have impacted other organizations can help you protect your business from this particular brand of criminal.

Recent APT Attacks in the News

  • Anthem Health Insurance was targeted by hackers who, authorities believe, may have had access to its systems for many months before they were discovered, and the discovery itself was accidental. Malware and a series of spoofed domain names opened the door into the network, though the exact initial entry point is unknown.
  • In 2015, the US Office of Personnel Management was breached, and the attackers stole multiple terabytes of confidential information. The breach impacted over 20 million individuals; the attackers were able to identify defense-contractor users and target the specific systems they operated.
  • Sony lost large amounts of data in 2014, including unreleased movies, private information, data about roughly 6,000 employees, and various other confidential material. According to the FBI, only about 10% of organizations would have been prepared to withstand this attack.

How an APT Attacker Gets Into your Network

  • The attacker researches the target organization in depth, focusing on the people who work there in the hope of exploiting someone for information. Once a few targets have been identified, the APT operator launches a phishing campaign to obtain credentials or a foothold on the network.
  • Once inside, the attacker explores the network, moves between systems, and begins to slowly remove or export information, keeping each transfer small enough to stay under volume-based alarms. If service disruption is a goal, the attacker may also attempt to disrupt operations or even cause physical damage to the organization.
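The slow, sustained export described in the second step is invisible to any control that only looks at individual transfers. The following is an added example (not code from the original article) of the kind of detection logic that catches it: it aggregates outbound bytes per host and destination from web-proxy records, learns which destinations each host already talked to during a baseline window, and alerts only on new destinations that receive uploads on many distinct days. The log format, host names, destinations and volumes are constructed for the example.

```python
"""Added example: flag low-and-slow data exfiltration in web-proxy logs.

The log format, host names and destinations below are constructed for
illustration; they are not from the original article.
"""
from collections import defaultdict
from datetime import date, timedelta

# First week of the constructed log is treated as the learning baseline.
BASELINE_END = date(2023, 3, 7)


def build_sample_log():
    """Construct 14 days of proxy records: 'YYYY-MM-DD host destination bytes_out'."""
    lines = []
    start = date(2023, 3, 1)
    for i in range(14):
        day = start + timedelta(days=i)
        lines.append(f"{day} ws-finance-07 cdn.example-vendor.com 1200")
        lines.append(f"{day} ws-finance-07 mail.example-corp.com 4500")
        lines.append(f"{day} ws-hr-02 mail.example-corp.com 3900")
        if i >= 7:
            # A new destination receiving ~150 KB per day: small enough to stay
            # under any per-transfer threshold, but sustained for a week.
            lines.append(f"{day} ws-finance-07 files.example-share.net {150_000 + 1_000 * i}")
    # One large single-day transfer to a new destination: a different pattern,
    # deliberately not matched by this rule (a volume-spike rule would catch it).
    lines.append("2023-03-09 ws-hr-02 backup.example-corp.com 52000000")
    return lines


def parse(lines):
    """Yield (day, host, destination, bytes_out) tuples from log lines."""
    for line in lines:
        day, host, dst, nbytes = line.split()
        yield date.fromisoformat(day), host, dst, int(nbytes)


def detect_low_and_slow(records, baseline_end, min_days=5, min_total_bytes=500_000):
    """Return (host, destination) pairs first seen after the baseline period that
    receive uploads on at least `min_days` distinct days totalling at least
    `min_total_bytes`. Per-day volume is never judged on its own, which is what
    lets a deliberately slow exfiltration surface."""
    baseline_dsts = defaultdict(set)   # host -> destinations seen during baseline
    upload_days = defaultdict(set)     # (host, dst) -> days with uploads after baseline
    total_bytes = defaultdict(int)     # (host, dst) -> bytes uploaded after baseline
    for day, host, dst, nbytes in records:
        if day <= baseline_end:
            baseline_dsts[host].add(dst)
        elif nbytes > 0:
            upload_days[(host, dst)].add(day)
            total_bytes[(host, dst)] += nbytes

    alerts = []
    for (host, dst), days in upload_days.items():
        if dst in baseline_dsts[host]:
            continue  # an established destination for this host
        if len(days) >= min_days and total_bytes[(host, dst)] >= min_total_bytes:
            alerts.append({"host": host, "dst": dst,
                           "days": len(days), "bytes": total_bytes[(host, dst)]})
    return sorted(alerts, key=lambda a: a["bytes"], reverse=True)


def run_sample():
    """Run the detector over the constructed log."""
    return detect_low_and_slow(parse(build_sample_log()), BASELINE_END)


if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert['host']} -> {alert['dst']}: {alert['days']} days, {alert['bytes']} bytes")
```

On the constructed log, only ws-finance-07 talking to files.example-share.net is flagged: seven days of roughly 150 KB each, none of which would trip a per-transfer threshold. The one-shot 52 MB upload from ws-hr-02 is a separate detection problem and is left to a spike rule. In production the baseline would come from weeks of history rather than seven days, and the destination key would be a registered domain rather than a full hostname.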


What can be done about Advanced Persistent Threats?

The security industry continues to create new protection and detection methods; these are used to identify possible issues and potential vulnerabilities before the criminal can get in. Various methods are used to shore up the technological side of the equation, but employee education and training are a must if an organization wants to prevent an attack by an APT.

Improve Employee Awareness and Education: Employees are a weak spot and can be easily exploited by any group wishing to harm your organization. Your workers do not have to be malicious to allow an APT attacker to access your system; they can be tricked by phishing scams, faked websites, and other methods. Boosting education and employee awareness of this type of attack can help reduce the risk of human error or malicious activity.

Better yet, monitor your organization’s endpoints so that malware cannot execute; managed endpoint detection and response makes this practical.

Consider BaaS or DRaaS: Both Backup as a Service and Disaster Recovery as a Service make it fast and easy for your organization to recover if you are breached. With an up-to-date backup in place you can restore your files and systems from a remote location without losing data. When you opt for DRaaS or have a robust recovery plan, you ensure that your business keeps running and that you don’t lose time and money rebuilding your full environment on a new network.

Choose Enterprise-Level Anti-Virus Protection: Multi-layered antivirus software and packages can help protect your system; the right AV system will include behavioral analysis and the ability to recognize and remove unknown programs and malware. A consumer solution may not offer the level of security needed to block an APT attack. Since infiltration is only the first step, regular monitoring of the way your systems are accessed via behavioral analysis can help you recognize an intruder and limit the amount of damage they cause.

Manage Devices: Any device, including smartphones, tablets, and other mobile devices that can access your system also exposes you to risk. The devices allowed to connect with your enterprise can be targeted for infection or data theft, allowing an APT attacker a way into your system. Placing limits on data transfer, using encryption, and monitoring the way devices access your system can help cut your risk.

Include device management in your overall cybersecurity strategy. Consider outsourcing the security monitoring of your SIEM, endpoints, patching, and vulnerability management to a single service.

Awareness of the danger is an ideal first step when you want to protect your network from APT attacks. Having an emergency backup plan in place and a robust disaster recovery setup can help you get back to work quickly if the worst happens.

How to Prevent Data Breaches in Healthcare

Data breaches in healthcare are rampant in today’s cyber threat landscape. Is it possible to prevent them? Only if security becomes ingrained in the strategy of the organization. The tips below show where to start.

Why do attackers target healthcare? The reason is plain: pharmacies, hospitals, physician practices, and clinics hold valuable information. Healthcare organizations attract cybercriminals because they are goldmines of private, personal information, and that information needs to be protected accordingly.

How Can Companies Prevent Data Breaches?

Ensuring the security of sensitive information has become a top priority for companies across all industries. The threat of data breaches is constantly looming, which can have significant consequences in terms of financial losses and reputational damage. To prevent such incidents, companies must implement a robust cybersecurity framework that addresses potential vulnerabilities. This entails several measures such as regular software updates, multifactor authentication, employee training on safe online practices, and limiting access to sensitive data only to authorized personnel. By taking these measures, companies can protect themselves against potential data breaches and safeguard their reputation and integrity.

10 Ways to Prevent Security Breaches in Healthcare Sector

1. Ensure that all software is properly updated: Regularly updating your healthcare organization’s operating systems, medical devices, electronic health records, and other software can help prevent attackers from exploiting outdated vulnerabilities.

2. Implement strong authentication systems: Multifactor authentication (MFA), whether a second factor such as a hardware token or an authenticator app or a biometric factor, helps protect patient data against unauthorized access even when a password has been phished.

3. Train and educate employees on data security: Regularly providing training to employees in areas such as phishing prevention, password management, mobile device security, etc. can help reduce the risk of data breaches due to human error.

4. Limit access to sensitive data: Implementing least-privileged user access controls can limit the scope of a potential data breach by granting access only to those who need it.

5. Encrypt patient data: Encrypting sensitive EHRs and other PHI can help protect them from unauthorized access, even if attackers gain access to your system.

6. Monitor medical devices and IoT networks: Regularly monitoring connected medical devices and IoT networks can help identify potential vulnerabilities and malicious activities before they become a serious threat.

7. Conduct periodic risk assessments: Regularly assessing the security posture of electronic health records (EHRs), as well as other sensitive data can help organizations identify potential risks and take steps to mitigate them.

8. Implement physical security measures: Securing physical access to medical equipment and other assets, such as servers, can help protect against potential data breaches.

9. Implement robust backup plans: Regularly backing up EHRs and other sensitive data is a crucial step in ensuring that patient information remains safe even if there is a breach.

10. Prepare for the worst: Developing a comprehensive incident response plan can help organizations respond quickly and efficiently to any data breach that may occur. This includes contacting affected parties, conducting investigations, and providing support. Additionally, having a clear policy on what should be done if a data breach occurs can help healthcare organizations better protect their data in the wake of an attack.

Causes of cybersecurity breaches in healthcare

The causes of cybersecurity breaches in healthcare are the same as any other industry – lack of security protocols, human error, malware and viruses, weak passwords, and inadequate patch management. However, the healthcare sector faces additional challenges due to its vast array of legacy systems that are often challenging to secure. In addition, there is a huge amount of sensitive information stored in these systems which attackers may target.

Health Insurance Portability and Accountability Act (HIPAA)

Enacted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is a federal law designed to ensure that health information remains secure and private. HIPAA regulations include requirements for protecting patient data under the Privacy Rule, as well as data security standards under the Security Rule. These regulations establish specific safeguards that healthcare organizations must implement to protect patient data from unauthorized access, use, and disclosure. HIPAA compliance is mandatory for covered entities and their business associates, that is, for any organization that handles PHI or electronic health records (EHRs).

Data Breaches in Healthcare

If you look at the healthcare wall of shame, it seems the healthcare industry shows a lax attitude toward security procedures.

This lax attitude makes data breaches in healthcare almost inevitable.

Given the large amount of personal information held by healthcare organizations, a data breach can devastate patients and providers alike. Preventing data breaches in healthcare means tightening security. A few actions that shrink the possibility of a breach:

Perform Yearly Assessment of Security Risk

A lot happens in an organization over 12 months: infrastructure enhancements, integration of new systems, employee turnover, and organizational restructuring. Each of these changes can introduce vulnerabilities.

Performing yearly assessments of security risk helps the providers to review the protocols of security and to assess system vulnerability, besides understanding the security measures to be improved.

Learn about healthcare data breach impacts

Not everyone who works with healthcare data is tech-savvy, so extra care is needed: a lack of knowledge is itself a cause of security breaches. The risk is high, and basic technical and security knowledge should be mandatory.

Educating employees on data breaches and their impact is the first step to preventing a breach from happening. Money spent on data security training is an investment; cyber attack risk only goes down when employees know what to look for.

Under the HITECH Act, the U.S. Department of Health and Human Services must post a list of breaches of unsecured protected health information affecting 500 or more individuals; this public list has been nicknamed the “Healthcare Wall of Shame.” For each breach you can see the number of individuals affected, the type of breach, and the location of the breached information.


Monitor records and devices

Constantly reminding employees to be mindful when using electronic devices, and never to leave paper records unattended, helps.

Avoiding a healthcare data breach also means preventing paper records from being stolen. Safeguarding a patient’s information is everyone’s responsibility, and every employee must do their part to keep data safe.

While security awareness training is important, managed endpoint detection and response has proven more effective at stopping attacks that get past a trained employee.

By managing the endpoints and having the ability to prevent malware from executing, it’s possible to prevent data breaches in healthcare.

Secure hardware and encrypt data

Encryption is critical to preventing data breaches in healthcare, and it is one of the best ways of safeguarding data: encrypted patient information stays protected even when a device or database falls into the wrong hands. Securing the hardware that holds it, such as network endpoints, servers, medical devices, and mobile devices, is equally necessary.

Implementing data encryption is a must. Money spent on encryption is small next to the government penalties, legal fees, forensics costs, negative publicity, and lawsuits that follow a breach, which can run into millions.

Restricting patient information

The healthcare environment always has many hands at work and patient information is always in use. This is why it is important to limit access to data to those who need it for their job, and to manage each user’s identity carefully.

On shared workstations, controlling access starts with each user logging on with their own credentials and logging off when finished, so that any open session can be traced to the person responsible and an unattended machine is easy to spot. Automatic session timeouts and screen locks enforce this without relying on staff to remember, and they make the controls both safe and efficient for everyone involved.
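Tip 4 above (least-privileged access) and this section describe the same control from two sides: a role should carry only the actions its job needs, and even a clinician should see clinical data only for patients they are actually treating, with every decision written to an audit log. The following is an added example (not from the original article or any real EHR product) of that policy as code, including the break-glass override hospitals need for emergencies, which is permitted but flagged for later review. Roles, users, permissions and patient IDs are constructed for the example.

```python
"""Added example: 'minimum necessary' access control for an EHR.

Roles, permissions, users and patient IDs are constructed for illustration
and are not from the original article or any real EHR product.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Each role gets only the actions its job requires (constructed matrix).
ROLE_PERMISSIONS = {
    "physician": {"read:demographics", "read:clinical", "write:clinical"},
    "nurse": {"read:demographics", "read:clinical"},
    "billing": {"read:demographics", "read:billing", "write:billing"},
    "frontdesk": {"read:demographics", "write:schedule"},
}

# Clinical data additionally requires a treatment relationship with the patient.
CLINICAL_ACTIONS = {"read:clinical", "write:clinical"}


@dataclass(frozen=True)
class User:
    name: str
    role: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class EhrAccessControl:
    def __init__(self, care_teams):
        # care_teams: patient_id -> set of user names currently treating that patient
        self.care_teams = care_teams
        self.audit_log = []

    def authorize(self, user, action, patient_id, break_glass=False):
        """Decide whether `user` may perform `action` on `patient_id`, and log it."""
        permitted_actions = ROLE_PERMISSIONS.get(user.role, set())
        on_care_team = user.name in self.care_teams.get(patient_id, set())

        if action not in permitted_actions:
            decision = Decision(False, "role lacks permission")
        elif action in CLINICAL_ACTIONS and not on_care_team:
            if break_glass:
                # Emergency override: allowed, but every such access is reviewed.
                decision = Decision(True, "break-glass override, flagged for review")
            else:
                decision = Decision(False, "no treatment relationship")
        else:
            decision = Decision(True, "permitted")

        # Denials are logged too: repeated denials are themselves an indicator.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user.name, "role": user.role, "action": action,
            "patient": patient_id, "allowed": decision.allowed,
            "reason": decision.reason, "break_glass": break_glass,
        })
        return decision

    def flagged_for_review(self):
        """Audit entries a privacy officer should look at: overrides and denials."""
        return [e for e in self.audit_log if e["break_glass"] or not e["allowed"]]


def run_sample():
    """Exercise the policy with constructed users and patients."""
    acl = EhrAccessControl({"P-1001": {"dr.lee", "rn.patel"}})
    dr_lee = User("dr.lee", "physician")
    rn_patel = User("rn.patel", "nurse")
    clerk = User("j.clerk", "billing")
    results = {
        "physician reads own patient": acl.authorize(dr_lee, "read:clinical", "P-1001"),
        "nurse writes note": acl.authorize(rn_patel, "write:clinical", "P-1001"),
        "billing reads chart": acl.authorize(clerk, "read:clinical", "P-1001"),
        "billing reads demographics": acl.authorize(clerk, "read:demographics", "P-1001"),
        "physician reads stranger": acl.authorize(dr_lee, "read:clinical", "P-2002"),
        "physician break-glass": acl.authorize(dr_lee, "read:clinical", "P-2002", break_glass=True),
    }
    return results, acl


if __name__ == "__main__":
    results, acl = run_sample()
    for label, d in results.items():
        print(f"{label:30} {'ALLOW' if d.allowed else 'DENY':5} ({d.reason})")
    print(f"{len(acl.flagged_for_review())} audit entries flagged for review")
```

Two points the code makes that a checklist does not: the role matrix alone is not enough (dr.lee is a physician yet is refused P-2002’s chart), and the override path must leave a trace, because a break-glass access nobody reviews is simply an access.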

Modernize IT Infrastructure

Outdated computer hardware is a common sight in hospital environments, yet the healthcare environment must run on secure equipment. Even today, Windows XP is still in use in many hospitals. Microsoft ended support for XP in April 2014, so no new security patches are available; every XP system still in service is an open door to a healthcare data breach.

The importance of healthcare data has to be recognized. Hospitals hold sensitive information and are, in effect, data banks. If someone breaches them and lays hands on confidential medical records, it is a disaster for the healthcare system.

Patching is vital, especially for older equipment. A managed patching and vulnerability service can help prevent data breaches in healthcare.

Invest to defend networks

The truth is that hospitals need more doctors and nurses, but protecting medical data also needs the backing of hospital administration. Care must be taken with medical data, and preventive measures put in place to safeguard it.

Preventing cyber attacks means healthcare organizations must invest in defending their networks so that breaches do not happen. Healthcare data must not be compromised, so ensure your staff is vigilant and aware of data protection.

When you start with the security strategy, you create a framework for all security-based decisions, covering people, processes, and technology.

Subnet wireless networks

Nowadays, offering free Wi-Fi access has become common, and hospitals offer it too. The key is to ensure that patients are not stranded and that the Wi-Fi access gives them what they need.

Offering patient Wi-Fi access is not wrong, but it should be done on its own subnetwork. A guest subnetwork is reserved for public use and permits only restricted access to guest users. Separate subnets for applications that handle healthcare information, for business applications, and for applications involving monetary transactions are essential as well. Segmenting the network this way keeps guest traffic from ever reaching the clinical data network, and a guest device, however compromised, has no route to the systems holding patient data.
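Segmentation only works if the firewall rules between the subnets actually implement the plan. The two most common ways they fail are a “staff” rule whose source range is broad enough to include the guest subnet, and a “guest to internet” rule whose destination is 0.0.0.0/0 with no carve-out for internal ranges. The following is an added example (not from the original article) of a small audit that checks a first-match ruleset against the forbidden zone pairs of a segmentation plan, taking earlier deny rules into account; the zones, address ranges and rules are constructed for the example.

```python
"""Added example: audit a first-match firewall ruleset against a segmentation plan.

Zones, address ranges and rules are constructed for illustration; they are
not from the original article or any real deployment.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]   # None means any TCP port
    action: str           # "permit" or "deny"


def rule(src, dst, port, action):
    return Rule(ipaddress.ip_network(src), ipaddress.ip_network(dst), port, action)


# Constructed segmentation plan for a hospital network.
ZONES = {
    "guest": ipaddress.ip_network("10.200.0.0/16"),     # patient/visitor Wi-Fi
    "clinical": ipaddress.ip_network("10.10.0.0/16"),   # EHR servers, medical devices
    "business": ipaddress.ip_network("10.20.0.0/16"),   # staff workstations, back office
    "payments": ipaddress.ip_network("10.30.0.0/24"),   # billing / card processing
}
# Zone pairs that must never be permitted, on any port.
FORBIDDEN = [("guest", "clinical"), ("guest", "business"), ("guest", "payments")]

# A ruleset as deployed: evaluated top-down, first match wins, implicit deny.
DEPLOYED_RULES = [
    rule("10.200.0.0/16", "10.30.0.0/24", None, "deny"),  # guest -> payments
    rule("10.0.0.0/8", "10.10.0.0/16", 443, "permit"),    # "staff to EHR": source far too broad
    rule("10.20.0.0/16", "10.30.0.0/24", 443, "permit"),  # business -> payments
    rule("10.200.0.0/16", "0.0.0.0/0", 443, "permit"),    # "guest to internet": no internal carve-out
]

# Same intent, with an explicit guest -> internal deny first and a narrowed source.
FIXED_RULES = [
    rule("10.200.0.0/16", "10.0.0.0/8", None, "deny"),
    rule("10.20.0.0/16", "10.10.0.0/16", 443, "permit"),
    rule("10.20.0.0/16", "10.30.0.0/24", 443, "permit"),
    rule("10.200.0.0/16", "0.0.0.0/0", 443, "permit"),
]


def evaluate(rules, src_ip, dst_ip, port):
    """First-match evaluation with an implicit deny at the end."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in r.src and d in r.dst and (r.port is None or r.port == port):
            return r.action
    return "deny"


def _intersect(a, b):
    """CIDR blocks either nest or are disjoint, so their intersection is the
    more specific block, or None when they do not overlap."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b


def _shadowed(earlier_rules, src, dst, port):
    """True if an earlier deny fully covers this (src, dst, port) space."""
    return any(
        r.action == "deny" and r.src.supernet_of(src) and r.dst.supernet_of(dst)
        and (r.port is None or r.port == port)
        for r in earlier_rules
    )


def find_violations(rules, zones, forbidden):
    """Return (src_zone, dst_zone, rule_index) for each permit rule that lets a
    forbidden zone pair through and is not shadowed by an earlier deny."""
    violations = []
    for src_zone, dst_zone in forbidden:
        for i, r in enumerate(rules):
            if r.action != "permit":
                continue
            src = _intersect(r.src, zones[src_zone])
            dst = _intersect(r.dst, zones[dst_zone])
            if src is None or dst is None:
                continue
            if not _shadowed(rules[:i], src, dst, r.port):
                violations.append((src_zone, dst_zone, i))
    return violations


if __name__ == "__main__":
    for v in find_violations(DEPLOYED_RULES, ZONES, FORBIDDEN):
        print("violation:", v, DEPLOYED_RULES[v[2]])
    print("fixed ruleset violations:", find_violations(FIXED_RULES, ZONES, FORBIDDEN))
```

Against the deployed ruleset the audit reports three leaks: rule 1 lets guest reach the EHR because 10.0.0.0/8 contains the guest range, and rule 3 lets guest reach both clinical and business because 0.0.0.0/0 contains them; guest to payments is the only pair correctly shadowed by the earlier deny. The fixed ruleset reports none. The intersection shortcut relies on CIDR blocks nesting or being disjoint, which holds for any two prefixes.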

Implement BYOD policy

The use of smart devices is on the rise and lets clinicians work remotely. This is convenient, but it is also a challenge for IT departments that want to safeguard the healthcare environment.

It therefore calls for a BYOD (bring your own device) policy. Such a policy keeps IT staff and employees aware of which devices are in use, internally and externally. Draw strict lines around what the BYOD policy allows, and enforce them, so that personal devices do not become the path to a healthcare data breach.

Remote smart device use comes with increased risk. Be sure to have endpoints secured through a managed endpoint service.

Hire a Cyber Team for Incident Response

An expert cyber team needs to be on standby. You must be ready for the worst if a data breach happens: if you cannot prevent a breach, an incident response team standing by will reduce its negative effect.

Protecting patient data with tight network security helps detect indicators of compromise and respond before an attack escalates. Neglect is not acceptable in healthcare. Whatever happens, facing the situation squarely is best, and handling it under sensitive circumstances is something only an experienced team does well.


How Can Data Breaches Be Prevented?

Preventing data breaches is essential in the digital world we live in to protect sensitive data and valuable information. System monitoring, training employees in cyber security, encrypting data, firewalls, and threat detection all contribute to preventing a data breach.

By paying attention to detail and implementing strong prevention practices, businesses can improve their security posture and protect customer and corporate data. Educating staff on security systems and common threats creates an awareness that can stop a possible breach before it even gets started.

Additionally, updating systems regularly, using encryption to store data safely, and using secure authentication protocols are all prevention strategies that businesses should take seriously. Ultimately, preventing a data breach is the key to keeping valuable company and customer information safe from malicious attacks.

Defining Reasonable Cybersecurity

How to define Reasonable Cybersecurity for your organization

If your organization is hacked, have you considered the legal ramifications of a potential cybersecurity data breach? Let’s look at the Equifax breach. The most recent headline was about the insider-trading charges that were brought against a former employee. He sold stock and options after learning of the massive data breach at the credit reporting agency. What’s next for Equifax?

The problem with the Equifax breach is that the hackers found their way in through a known vulnerability, a flaw in Apache Struts for which a patch had been available for months. The entire episode could have been avoided with a disciplined patch policy.

According to the National Law Review, Equifax is potentially in Violation of the Fair Credit Reporting Act: As a “consumer reporting agency” under the Act, Equifax was required to “maintain reasonable procedures designed to … limit the furnishing of consumer reports to the purposes listed” in the Act. See 15 U.S.C. § 1681e(a). Consumer plaintiffs are alleging that a failure to fulfill this duty under the Act allowed the data breach to occur, likely requiring experts in the credit reporting industry who are knowledgeable about the standards of information management and measures taken by other credit reporting agencies to maintain data security.

Consider Reasonable Cybersecurity

Shawn Tuma is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas. As someone who works in cyber law on a day-to-day basis, his advice is worth reading; see below.

Based on his short but informative SecureWorld interview, Mr. Tuma says that Reasonable Cybersecurity should be defined by each organization. What is reasonable for one company may not be reasonable to another.

Along with Mr. Tuma, we recommend that the journey to define Reasonable Cybersecurity for your organization should begin with a risk assessment. This assessment will help you determine any potential risks that your company may face.

Once your risk assessment is complete, the next step is to create a plan and prioritize putting the necessary policies, procedures, and tools in place.

To show that your organization has achieved reasonable cybersecurity, you have to take legitimate steps to combat the risks that your company faces. If a breach happens, you will be able to show that you have done what you could to prevent cyber incidents.

Are you checking the boxes?

Many times, we have seen organizations that are looking to purchase a tool or run a quarterly scan or assessment just to check the compliance box. There’s so much more to creating an environment of reasonable cybersecurity than just having the tools in place.  Mr. Tuma recommends starting with these fundamentals of cyber hygiene:

  • Create cybersecurity policies and procedures
  • Train your workforce on those policies
  • Create and enforce password policies
  • Utilize multi-factor authentication
  • Back up your data


How to Prepare for IPv6 DDoS attack

IPv6 DDoS attacks are a persistent problem. Read more about why they have become so rampant and how to prepare your business. 

IPv6 DDoS: Explanation

Every device on the Internet is assigned a unique IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses would be needed to connect devices than the IPv4 address space had available.

Because there are fewer than 4.3 billion IPv4 addresses available, depletion has been anticipated since the late 1980s, when the Internet started to experience dramatic growth. This depletion is one of the reasons for the development and deployment of its successor protocol, IPv6. Currently, IPv4 and IPv6 coexist on the Internet.

The total number of possible IPv6 addresses is more than 7.9×10^28 times as many as IPv4, which uses 32-bit addresses and provides approximately 4.3 billion addresses. The two protocols are not designed to be interoperable, complicating the transition to IPv6.

IPv6 DDoS: Why are they being attacked?

IPv6 introduces an entirely new attack surface, and a much larger one. IPv4 provides approximately 4.3 billion unique 32-bit addresses; IPv6 uses 128-bit addresses and gives attackers over 340 undecillion addresses to use as spoofed sources or as targets.

Hackers know what is coming, even though only around 25% of websites fully support IPv6 today. The problem begins when IPv6 is already enabled on the company’s network, often without administrators being aware of it, since modern operating systems enable it by default. Many IPv4 DDoS techniques can be replicated over IPv6, and hackers are already testing new methods for IPv6 DDoS attacks.

Many on-premises DDoS mitigation tools aren’t yet fully IPv6-aware, just as countless network security devices haven’t been configured to apply the same set of rules to IPv6 traffic as to IPv4 traffic. Even large vendors who offer VPN-based services have recently been found to only protect IPv4 traffic even though they handle IPv6 traffic.

How to prepare for IPv6 DDoS attacks

As IPv6 becomes a larger part of your enterprise’s network, your exposure to every form of IPv6 DDoS attacks will increase. According to a recent report, “Administrators need to familiarize themselves now with the Secure Neighbor Discovery (SEND) protocol, which can counter some potential IPv6 DDoS attack techniques; an IPv6 node uses the Neighbor Discovery (ND) protocol to discover other network nodes but is susceptible to malicious interference.”

“Network administrators should audit their systems and review how devices handle IPv6 traffic and run a sense-check to ensure that there are no configuration settings that could lead to exploitable vulnerabilities and that tools have feature and hardware parity in both IPv4 and IPv6.”

The massive address space is another area of concern. For example, one IPv6 DDoS technique involves sending traffic to random addresses inside a target network in the expectation that most of them don’t exist. On IPv4 this forces the router to send ARP requests for the Layer 2 address behind each non-existent destination; on IPv6 the router instead multicasts a Neighbor Solicitation for each one and holds an unresolved entry in its neighbor cache while it waits for an answer that never comes. On an IPv6 /64 the number of possible addresses is so large that the chance of a host existing at any address in the flood is almost zero, so virtually every packet produces a solicitation and a cache entry, and the router’s neighbor cache and control plane fill up until legitimate hosts on the segment can no longer be resolved.

To counter this, configure the router with a black-hole route covering the address space that is not actively in use, together with more-specific (longest-prefix-match) routes for each real endpoint. Traffic addressed to a real endpoint matches its specific route and is forwarded; traffic to any other address in the range matches only the black hole and is dropped without ever triggering Neighbor Discovery.
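The recommendation above rests on one property of every router: when several routes match a destination, the one with the longest prefix wins. The following is an added example (not from the original article) that models a router’s forwarding decision for the two configurations, a plain on-link /64 and a black-holed /64 with a /128 per real host, and counts what happens to ten thousand random destinations sprayed across the subnet. The prefix, host addresses and traffic are constructed for the example.

```python
"""Added example: longest-prefix-match forwarding with a black-hole route.

Models the router behaviour recommended in the article for a /64 under a
Neighbor Discovery flood. The prefix and host addresses are documentation
addresses constructed for illustration, not from the original article.
"""
import ipaddress
import random
from collections import Counter

BLACKHOLE = "blackhole"   # sentinel next hop: drop silently, no ND
ON_LINK = "on-link"       # deliver directly: unresolved address triggers ND


class RouteTable:
    def __init__(self):
        self.routes = []  # list of (IPv6Network, next_hop)

    def add(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))
        return self

    def lookup(self, addr):
        """Return the next hop of the most specific matching route, or None."""
        ip = ipaddress.ip_address(addr)
        best = None
        for net, next_hop in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best[1] if best else None


SUBNET = ipaddress.ip_network("2001:db8:0:1::/64")
REAL_HOSTS = ["2001:db8:0:1::10", "2001:db8:0:1::11", "2001:db8:0:1::12"]


def naive_table():
    """Typical default: the whole /64 is on-link, so every address inside it
    makes the router solicit a neighbor and hold an INCOMPLETE cache entry."""
    return RouteTable().add(str(SUBNET), ON_LINK)


def hardened_table():
    """Black-hole the /64, then add a /128 for each endpoint that really exists.
    Longest prefix match sends real hosts on-link and everything else to the hole."""
    table = RouteTable().add(str(SUBNET), BLACKHOLE)
    for host in REAL_HOSTS:
        table.add(f"{host}/128", ON_LINK)
    return table


def random_targets(n, seed=1):
    """Constructed attacker traffic: n destinations spread uniformly over the /64."""
    rng = random.Random(seed)
    base = int(SUBNET.network_address)
    return [str(ipaddress.ip_address(base + rng.getrandbits(64))) for _ in range(n)]


def classify(table, targets):
    """Count how the router would treat each destination."""
    return Counter(table.lookup(t) or "no-route" for t in targets)


if __name__ == "__main__":
    targets = random_targets(10_000)
    print("naive   :", dict(classify(naive_table(), targets)))
    print("hardened:", dict(classify(hardened_table(), targets)))
    print("real host on hardened table:", hardened_table().lookup(REAL_HOSTS[0]))
```

With the naive table all 10,000 random destinations are on-link, so each would cost a Neighbor Solicitation and a cache slot; with the hardened table all 10,000 hit the black hole while the three real hosts still resolve through their /128 routes. On Linux, iproute2 expresses the two kinds of route as `ip -6 route add blackhole 2001:db8:0:1::/64` and `ip -6 route add 2001:db8:0:1::10/128 dev eth0` (interface name assumed); how a black hole interacts with the interface’s own connected route differs between platforms and should be verified in a lab before it is deployed on a production segment.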
