Today’s news of continued cybersecurity attacks are proving more aggressive by the day. The first large breach was that of FireEye, a leading high-stakes cybersecurity firm. Their CEO, Kevin Mandia, stated in a blog post that they fell prey to “an attack by a nation with top-tier offensive capabilities” and is working with leading tech firms and the FBI towards resolution.
Generally speaking, attackers are looking for ways into other organizations or to encrypt data that an organization would be willing to pay tens of millions of dollars to get back. In this instance, they stole approximately 300 tools that FireEye uses to protect its clients from attackers just like these. As it is unclear what the attacker's motives are, this threat creates a new type of compromise into many protected networks. Keeping this incident from being a catastrophe is the plan that they had in place for this exact scenario proving that having a plan is great however testing it regularly is imperative to any cybersecurity strategy.
In the EU, it was announced that documentation about one of the most promising coronavirus vaccines has been “unlawfully accessed” in a hack aimed at the European Medicines Agency based in Amsterdam. While this is a joint effort by Phizer and BioNTech they both confirmed that neither system was compromised to reveal any of the trial participants.
In the last few months as our world has shifted to an acute awareness of social distancing and mask-wearing. Cybersecurity threats have risen tremendously and are focused on our healthcare systems and the Covid-19 research being performed to bring a vaccine to the people who need it the most.
During this pandemic, we’ve seen hackers target systems that provide patient care and resources to the most vulnerable of our nation. Based on the IBM Ponemon Cost of Data Breach Report of 2020, the average total cost of a Healthcare breach today is $7.13 Million compared to $3.86 Million as the global average of all industry categories.
In addition to the Healthcare numbers, a new vulnerability has been uncovered and the NSA is warning that our dispersed work from home environments has created countless new opportunities for hackers. Flaws in tools like VPNs (a virtual private network) that have been set up to provide security to remote staff are being leveraged by attackers to access and manipulate other layers of the security stack. The NSA points out that securing your interface with a strong, unique password or setting it up so that the interface isn’t accessible from the public internet are strong steps to reduce risk.
As approximately 95 Million workers are now in a geographically dispersed environment, we have to do better at securing and educating ourselves against the mounting threats! A small to medium-sized business that gets breached is (on average) out of business within 6 months. Many of my clients feel a false sense of security with their Cyber insurance policies however fail to read the fine print noting "reasonable effort" to keep systems maintained and updated with the latest security patches and protocols. Many of them include appropriate education and “phishing” email curriculum to all staff as a part of that effort as well.
Keeping up with all of the new threats, technology to help meet compliance and cybersecurity regulations is exhausting! Securing your business and data from nefarious hackers needs to be high on your priority list. If you’re not sure where to start or how to assess our risk, we’re here to help.
See how Blush Technologies can help: https://blushtechnologies.com/cybersecurity