Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label IT Infrastructure. Show all posts
Ransomwares
CISO Cyber Security cybersecurity solutions Healthcare Healthcare Cyberattacks IT Infrastructure Ransomware attack Ransomwares

Preparing Healthcare for Ransomware Attacks: A 12-Step Approach by Dr. Eric Liederman


Dr. Eric Liederman, CEO of CyberSolutionsMD, emphasizes that healthcare organizations must be prepared for ransomware attacks with a structured approach, describing it as akin to a “12-step program.” He highlights that relying solely on protective measures is insufficient since all protections have the potential to fail. Instead, planning and creating a sense of urgency is key to successfully handling a cyberattack. 

According to Liederman, organizations should anticipate losing access to critical systems and have a strategic recovery plan in place. One of the most important components of such a plan is designating roles and responsibilities for the organization’s response. During an attack, the Chief Information Security Officer (CISO) essentially takes on the role of CEO, dictating the course of action for the entire organization. Liederman says the CISO must tell people which systems are still usable and what must be shut down. 

The CEO, in this situation, plays a supporting role, asking what’s possible and what needs to be done to protect operations. A significant misconception Liederman has observed is the assumption that analog systems like phones and fax machines will continue functioning during a ransomware attack. Often, these systems rely on the same infrastructure as other compromised technology. For example, phone systems that seem analog still resolve to an IP address, which means they could be rendered useless along with other internet-based systems. 

Even fax machines, commonly thought of as a fail-safe, may only function as copiers in these scenarios. Liederman strongly advises healthcare institutions to conduct thorough drills that simulate these kinds of disruptions, enabling clinical and IT staff to practice workarounds for potentially critical outages. This level of preparation ensures that teams can still deliver care and operate essential systems even when technological resources are down for days or weeks. 

In terms of system recovery, Liederman encourages organizations to plan for bringing devices back online securely. While the need to restore services quickly is essential to maintaining operations, the process must be carefully managed to avoid reinfection by the ransomware or other vulnerabilities. Given his extensive experience, which includes almost two decades at Kaiser Permanente, Liederman advocates for resilient healthcare IT infrastructures that focus on readiness. This proactive approach allows healthcare organizations to mitigate the potential impacts of cyberattacks, ensuring that patient care can continue even in worst-case scenarios.
Read more »
Ransomware attack
Cyber Attacks Cybersecurity Policy Data Center data security Indonesia IT Infrastructure IT problems Ransomware attack

Indonesia’s Worst Cyber Attack Exposes Critical IT Policy Failures

 

Indonesia recently faced its worst cyber attack in years, exposing critical weaknesses in the country’s IT policy. The ransomware attack, which occurred on June 20, targeted Indonesia’s Temporary National Data Center (PDNS) and used the LockBit 3.0 variant, Brain Cipher. This malware not only extracts but also encrypts sensitive data on servers. The attacker demanded an $8 million ransom, which the Indonesian government has stated it does not intend to pay. 

One of the most alarming aspects of this attack is that almost none of the data in one of the two affected data centers was backed up, rendering it impossible to restore without decryption. This oversight has significantly disrupted operations across more than 230 public agencies, including key ministries and essential national services such as immigration and major airport operations. In response to the attack, Indonesian President Joko Widodo ordered a comprehensive audit of the country’s data centers. Muhammad Yusuf Ateh, head of Indonesia’s Development and Finance Controller (BPKP), stated that the audit would focus on both governance and the financial implications of the cyberattack. 

An official from Indonesia’s cybersecurity agency revealed that 98% of the government data stored in one of the compromised data centers had not been backed up, despite the data center having the capacity for backups. Many government agencies did not utilize the backup service due to budget constraints. The cyberattack has sparked calls for accountability within the government, particularly targeting Budi Arie Setiadi, Indonesia’s communications director. Critics argue that Setiadi’s ministry, responsible for managing the data centers, failed to prevent multiple cyber attacks on the nation. Meutya Hafid, the commission chair investigating the incident, harshly criticized the lack of backups, calling it “stupidity” rather than a simple governance issue. 

The attack has not only exposed the vulnerabilities within Indonesia’s IT infrastructure but has also led to significant operational disruptions. The lack of proper data backup procedures underscores the urgent need for robust cybersecurity measures and policies to protect sensitive government data. The audit ordered by President Widodo is a crucial step in addressing these issues and preventing future cyberattacks. 

As Indonesia grapples with the aftermath of this significant cyberattack, it serves as a stark reminder of the importance of comprehensive cybersecurity strategies and the need for constant vigilance in safeguarding critical national data. The incident highlights the essential role of proper IT governance and the consequences of neglecting such vital measures.
Read more »
IT Infrastructure
Australia Australian Businesses Cyberattack cybercriminals Data Breach Fortinet Hacker attack Hackers IT Infrastructure

The Growing Threat of Data Breaches to Australian Businesses

 

Data breaches are now a significant threat to Australian businesses, posing the risk of "irreversible brand damage." A cybersecurity expert from Fortinet, a global leader in the field, has raised alarms about cybercriminals increasingly targeting the nation’s critical infrastructure. Cybercriminals are continually finding new ways to infiltrate Australia’s infrastructure, making businesses highly vulnerable to attacks. 

The Australian federal government has identified 11 critical sectors under the Security of Critical Infrastructure Act, which was amended in 2018 to enforce stricter regulations. Businesses in these sectors are required to complete annual reporting to notify the federal government of any attempts to access their networks. Michael Murphy, Fortinet’s Head of Operational Technology and Critical Infrastructure, recently discussed the severity of cyber threats on Sky News Business Weekend. During the 2022-2023 financial year, 188 cybersecurity incidents were reported across critical sectors, highlighting ongoing risks to national networks like water and energy supplies. 

Additionally, the Australian Bureau of Statistics found that 34 percent of businesses experienced resource losses managing cybersecurity attacks in the 2021-2022 financial year, and 22 percent of Australian businesses faced a cybersecurity attack during that period—more than double the previous year’s figure. Even small businesses are now vulnerable to cybercrime. Murphy pointed out that among entities with mandatory reporting, 188 incidents were reported, with 142 incidents reported by entities outside of critical infrastructure, demonstrating the widespread nature of the threat. He explained that hackers are motivated by various factors beyond financial gain, including the desire for control. 

The consequences of cyber attacks can be severe, disrupting systems and causing significant downtime, which leads to revenue loss and irreversible brand damage. Critical infrastructure sectors face unique challenges compared to the IT enterprise. Quick restoration of systems is often not an option, and recovery can take considerable time. This extended downtime not only affects revenue but also damages the reputation and trustworthiness of the affected organizations. Murphy noted that many incidents are driven by motives such as financial profiteering, socio-political influence, or simply the desire of hackers and syndicates to boost their credibility. 

As cyber threats evolve, it is crucial for businesses, especially those in critical infrastructure sectors, to strengthen their cybersecurity measures. While annual reporting and adherence to federal regulations are essential, proactive strategies and advanced security technologies are necessary to mitigate risks effectively.
Read more »
Sensitive data
Data Breach Healthcare HHS IT Infrastructure network segmentation Sensitive data

One in Three Healthcare Providers at Risk, Report Finds


 

A recent report reveals that more than a third of healthcare organisations are unprepared for cyberattacks, despite an apparent rise in such incidents. Over the past three years, over 30% of these organisations have faced cyberattacks. The HHS Office for Civil Rights has reported a 256% increase in large data breaches involving hacking over the last five years, highlighting the sector's growing vulnerability.

Sensitive Data at High Risk

Healthcare organisations manage vast amounts of sensitive data, predominantly in digital form. This makes them prime targets for cybercriminals, especially since many operators have not sufficiently encrypted their data at rest or in transit. This lack of security is alarming, considering the high value of protected health information (PHI), which includes patient data, medical records, and insurance details. Such information is often sold on the dark web or used to ransom healthcare providers, forcing them to pay up to avoid losing critical patient data.

In response to the surge in cyberattacks, federal regulators and lawmakers have taken notice. The HHS recently released voluntary cybersecurity guidelines and is considering the introduction of enforceable standards to enhance the sector's defences. However, experts stress that healthcare systems must take proactive measures, such as conducting regular risk analyses, to better prepare for potential threats. Notably, the report found that 37% of healthcare organisations lack a contingency plan for cyberattacks, even though half have experienced such incidents.

To address these challenges, healthcare organisations need to implement several key strategies:

1. Assess Security Risks in IT Infrastructure

Regular cyber risk assessments and security evaluations are essential. These assessments should be conducted annually to identify new vulnerabilities, outdated policies, and security gaps that could jeopardise the organisation. Comprehensive cybersecurity audits, whether internal or by third parties, provide a thorough overview of the entire IT infrastructure, including network, email, and physical device security.

2. Implement Network Segmentation

Network segmentation is an effective practice that divides an organisation's network into smaller, isolated subnetworks. This approach limits data access and makes it difficult for hackers to move laterally within the network if they gain access. Each subnetwork has its own security rules and access privileges, enhancing overall security by preventing unauthorised access to the entire network through a single vulnerability.


3. Enforce Cybersecurity Training and Education

Human error is a growing factor in data breaches. To mitigate this, healthcare organisations must provide comprehensive cybersecurity training to their staff. This includes educating employees on secure password creation, safe internet browsing, recognizing phishing attacks, avoiding unsecured Wi-Fi networks, setting up multi-factor authentication, and protecting sensitive information such as social security numbers and credit card details. Regular updates to training programs are necessary to keep pace with the evolving nature of cyber threats.

By adopting these measures, healthcare organisations can significantly bolster their defences against cyberattacks, safeguarding sensitive patient information and maintaining compliance with HIPAA standards. 


Read more »
Ransomware attack
Cyber Attacks Cyber-recovery IDC survey IT Infrastructure Ransomware Ransomware attack

Are You Really Prepared for a Ransomware Attack?


With the continuous evolution and development in the IT industry, it still seems as if most IT environments are yet not adequately equipped against ransomware and remain oblivious to the importance of an efficient protection system. 

According to a recent IDC survey, conducted on more than 500 CIOs from more than 20 industries around the world, 46 percent of the respondents reported having witnessed at least one ransomware attack in the last three years. This indicates how ransomware has surpassed natural disaster, to become the main reason one needs to be skilled at handling large data restorations. Many years ago, disk system failure, which frequently required a complete restore from scratch, was the primary cause of such restores. 

However, situations changed with the introduction of RAID and Erasure Coding, which brought terrorism and natural disasters to the forefront. Nonetheless, unless you lived in a specific disaster-prone area, the likelihood that any one company would experience a natural disaster was actually fairly low. 

Is the Company Prepared for an Attack? 

May be not. 

The survey suggests that organizations who have had an experience of cyberattacks or data loss think highly of their ability to respond to such events in the future. In support of this notion, 85 percent of the respondents, on being asked about their security plans, claimed of having a cyber-recovery playbook for intrusion detection, prevention and response. 

While, it is to be taken into consideration that ransomware attacks are ever-evolving, with threat actors implementing a different tactics for the attacks. Thus, it is difficult to conclude that the current data resiliency tools would be highly efficient for all the future ransomware attacks. 

These tools however, should have one key objective in common. An efficient tool must be capable of recovering the breached data in a manner that the organization need not have to pay enormous ransom, while also making sure that the data is not lost. Since ransomware attacks are inevitable, data resiliency tool could at least ensure lesser damage from the attacks. 

Minimizing Attack Damage 

In order to detect a ransomware attack, to respond and to recover from it, one requires several crucial steps and tactics to be followed as given below.  

• IT infrastructure could be created in a way to limit the damage of an attack, for example, by forbidding the usage of new domains (preventing command and control) and restricting internal lateral movement (minimizing the ability of the malware to spread internally). However, after ransomware has hit you, you must employ numerous tools, many of which may be automated for greater efficiency. 

• Limiting lateral movement in order to halt the IP traffic all at once. If infected systems would not be able to communicate, no further damage would resultingly take place. Once the infected systems are identified and shut down, one can proceed with their disaster recovery phase of bringing infected systems online. Further, ensuring that the recovery systems are themselves not infected.  

Read more »
Terror
Cyber Security Data data security IT Infrastructure Safety Terror

Cyber-Terrorism In The Skies

 

Prior to 9/11, plane hijackings were thought to be the stuff of Hollywood scriptwriters. Major movie plots frequently reflect current societal themes in character scenarios and, in some cases, technology. 

There are numerous cyber-crime-themed films that accurately predicted our future. If we stop and think about it, nearly everything around us is becoming more digitized than ever before, from car navigation and control systems to Wi-Fi-enabled temperature sensors in backyard grills. You can't avoid it, so it's no surprise to learn how much technology goes into a modern aircraft. Aside from in-flight entertainment, Wi-Fi, and LED lighting, there are intricate sensors, controls, and computing systems that work together to provide the safest, best flights possible.

Unfortunately, in today's world, the general public is well-informed about how terrifying hijacked planes can be. And, as time has passed, the threat of terror in the skies has evolved technologically.
For many years, the terrifying prospect of cyber-attacks on commercial flights has haunted the airline industry. One of the first incidents to garner public attention was when security researcher Chris Robert was detained by the FBI on a domestic flight after claiming to have briefly seized control of the plane.

At the Black Hat cybersecurity conference in Las Vegas, another cybersecurity researcher, Ruben Santamarta, claimed that he had hacked hundreds of aircraft while they were in flight from the ground. The cybersecurity researcher claimed he used flaws in satellite equipment to remotely hack into the planes.

We would be dealing with a very dangerous threat if a plane's technical systems were compromised by malicious hackers. And we've had some close calls. A malware infection, for example, prevented a Spanair flight from taking off several years ago. In that case, the detection occurred before the flight was even possible, but the entire scenario highlights a significant risk and an ever-present threat.

Protection in the air is important, as is protection from potentially malicious passengers-turned-hackers, but what about safeguarding at other points in the flight industry's technology chain? Is it possible that mission-critical IT systems will be as vulnerable as satellites and onboard computers have proven to be?

Consider it from the perspective of a hacker. Nobody attempts to enter a fort through the guarded front gates. They sneak in through an unguarded wall or disguise themselves as the gate maintenance team. In other words, hackers find ways to circumvent perceived barriers and all the costly fortifications or processes in order to find a vulnerable point of entry.

Bugs and malicious software, for example, can infiltrate a simple software update. Although updating software is a good practice, the possibility of something dangerous occurring during these specific times is always present.

Almost like the vulnerable moments when vigilance is low during a guard change. Conditions like these require us to validate versions, and baseline systems and understand how to identify and isolate threats. They compel us to keep an eye out for compromise behavior and metrics. As a result, the security challenges encountered are closely related to enterprise security.

The Real World vs Hollywood

Planes, like any other interconnected IT system, can and probably will be hacked at some point. At this point, the question is not if, but when. Using intelligent precautions, processes, and technologies, we can hopefully predict and prevent whatever that sober incident turns out to be. And, if this terrifying situation occurs, we hope that quick recovery is triggered in accordance with well-planned disaster plans. Even if we are not in the airline industry, we should have the same mindset when it comes to our mission-critical internal IT systems.

Throughout the service lifecycle of our own IT infrastructure, are we sufficiently monitoring and protecting our mission-critical systems from cyber threats? No enterprise IT system is safe if planes can be hacked. The same questions regarding vulnerability mitigation and disaster recovery planning should be directed toward every IT system in every organization.

It is critical to understand that when it comes to commercial flights, the stakes could not be higher because human lives are at stake. Fortunately, industry leaders and government task forces are committed to developing solutions that address cyber threats to the commercial flight industry in a proactive manner. Eventually, their awareness and diligence will ensure that this remains a plot line for Hollywood thrillers rather than a potential opportunity for another devastating terror attack that weaponizes commercial airliners.
Read more »
Subscribe to: Posts (Atom)