Cyber Risk Governance Insights | December 2, 2024
Netswitch, Inc.

WEEK IN HEADLINES

TECHNOLOGY - New Backdoor Attack Targets Windows Users

A new 0-click backdoor attack, attributed to Russian cyber actors, has been confirmed by cybersecurity experts. This sophisticated attack exploits a vulnerability in Windows systems, allowing hackers to gain control without user interaction. The malware can infiltrate devices, steal sensitive data, and establish persistent access, posing a significant threat to both individual users and organizations.

INSIGHT: We often speak with organizations about implementing a defense-in-depth, layered cybersecurity posture. This approach involves implementing multiple layers of security controls and measures to protect an organization's assets. By combining various defenses, you can create a well-defined security framework that addresses different attack vectors and enhances your overall resilience against a wide range of cyber threats.

HEALTHCARE - Vendor Exposes Veterans' Health Information

The U.S. Department of Veterans Affairs (VA) recently disclosed a cyberattack that compromised the health information of 2,302 veterans, including 616 in Minnesota. The breach targeted a server managed by DBP Inc., a private medical transcription vendor. Exposed data included veterans' full names, medical records, and Social Security numbers.

INSIGHT: This incident is not unique to the VA or healthcare organizations; it is relevant to all sectors and organizations of all sizes. It highlights the need for assessing the security practices of all external partners. Have you conducted comprehensive risk assessments to identify potential vulnerabilities, negotiated stronger security controls with your vendors, and monitored third-party security performance?

RETAIL - Outages Persist into 2nd Week Following Ransomware Attack

A ransomware attack on Blue Yonder, a supply chain software provider, continues to disrupt operations for its retail clients nearly two weeks after the initial incident. The attack has affected major retailers, including U.K. supermarket chains Morrisons and Sainsbury’s, as well as U.S. coffee giant Starbucks. Blue Yonder is working to restore services, but the prolonged outages have forced many companies to implement manual processes to manage their supply chains and employee schedules.

INSIGHT: This incident, like the CrowdStrike incident, highlights the necessity of a comprehensive incident response plan (IRP) for detecting, responding to, and recovering from cyber incidents. An effective IRP would have allowed the affected organization to identify the software issue quickly, contain its impact, and restore systems. Conducting a Business Impact Analysis (BIA) is an important first step in developing a well-structured response plan. Regular testing and updating of the IRP keeps the organization prepared for a variety of attack scenarios, preserving operational effectiveness and customer trust.

HEALTHCARE - Specialty Medical Practice Faces Triple Cyberattack

Rocky Mountain Gastroenterology (RMG) recently experienced a series of three cyberattacks, resulting in a significant data breach affecting up to 169,000 patients. The attacks, carried out by different threat groups, compromised sensitive information including names, Social Security numbers, medical records, and insurance details. The breach, which impacted data from 2015 to 2019, has prompted RMG to initiate a costly investigation and notify affected individuals.

INSIGHT: Repeated cyberattacks against the same organization are not unusual, and some basic practices can help mitigate the risk. They are fundamental cyber hygiene: backups that are encrypted, regular security assessments, and educating employees so they are more secure and aware of these kinds of threats.

DATA SERVICES - Over 600,000 Records Exposed in Data Breach

SL Data Services suffered a significant data breach, exposing over 600,000 records, including background checks, vehicle records, and property ownership reports. The breach was discovered by cybersecurity researcher Jeremiah Fowler, who found the database unprotected and publicly accessible. Exposed data includes full names, addresses, email addresses, employment details, social media accounts, phone numbers, and criminal records. The breach poses a high risk of identity theft and social engineering attacks.

INSIGHT: Encryption is often recommended, but it is not always implemented, or it is assumed to be properly implemented without ever being tested. Encrypting the database would have rendered the exposed data unreadable to unauthorized parties, significantly reducing the risk of data theft and misuse. Encryption of data at rest and data in motion is necessary - at least until quantum computing is more widely accessible… Then there's a whole other conversation.

ENTERTAINMENT - Soccer Club Scored On by Ransom Group

Bologna FC 1909 has confirmed a ransomware attack by the RansomHub group, resulting in the leak of sensitive data. The stolen information includes sponsorship contracts, financial records, personal data of players, fans, and employees, as well as medical records and commercial strategies. The club did not comply with ransom demands, leading to the full dataset being published on the dark web.

INSIGHT: A proactive approach, deploying advanced Endpoint Detection and Response (EDR) to provide continuous monitoring and behavior analytics of user and endpoint activity so that threats are detected and responded to in real time, could have significantly reduced the impact of the breach.


INSIGHTS & EXPERT PERSPECTIVES

Cyber Risk Governance Live Recap

From Alert Overload to 90% Faster Response

This Cyber Risk Governance Live Event involved a case study focused on improving cyber resilience. The spotlighted company had industry, global, and regional cyber compliance requirements and standards, and desired to reduce alert fatigue and improve detection and resolution times.

Tim MalcomVetter, Stanley Li, and Sean Mahoney shared insights on enhancing SOC operations, managed detection and response (MDR), and the importance of key performance indicators (KPIs). They emphasized the evolution from manual processes to advanced automation, reducing human error and improving efficiency. They also discussed the role of augmented intelligence, which combines human expertise with automated processes. This approach was highlighted as crucial for improving cyber resilience.

The event underscored the importance of continuous improvement and adaptation to new threats. It highlighted challenges such as alert fatigue and the need for continuous monitoring, emphasizing the balance between technical solutions and business objectives. Additionally, the discussion stressed the necessity of ongoing security awareness and education to maintain effective security practices.

Highlights:

  1. Significant Cost Savings: Implementing advanced security automation saves resources by enhancing operational efficiency and reducing the need for additional staff.
  2. Enhanced Detection and Resolution: Measuring the right KPIs can demonstrate the effectiveness and ROI of automation in security operations.
  3. Importance of Continuous Improvement: Define, maintain, and improve cyber resilience through ongoing measurement and analysis, ensuring security strategies remain effective and adaptive to new threats.

INSIGHTS: Cybersecurity automation and AI offer significant benefits in terms of speed and comprehensiveness; however, it's necessary to recognize that they should be viewed as an augmentation of human intelligence, not a replacement. Overreliance on automation can lead to complacency and a lack of nuanced interpretation: machines may miss subtle indicators that only human experience can recognize and refine, and that human judgment keeps operations from being adversely affected.

Moreover, the initial investment in automation technology and integration can be substantial, but the long-term benefits often outweigh the initial costs, as automation can significantly reduce risk and minimize the impact of cyber incidents.

A balanced approach that combines the power of automation with the expertise of human analysis is critical. By leveraging augmented intelligence, your organization can achieve a more refined and adaptive cybersecurity posture. This approach acknowledges that there is no one-size-fits-all solution to cybersecurity, and a tailored approach that balances automation and human intelligence is necessary to safeguard sensitive information.



RISK MANAGEMENT

REPORT - Lessons for SMB Executives from Cyber Threat Trends Report

The Cisco Cyber Threat Trends Report for 2024 provides an in-depth analysis of the most prevalent cyber threats, including information stealers, Trojans, ransomware, remote access Trojans (RATs), advanced persistent threats (APTs), botnets, droppers, and backdoors. Leveraging data from DNS activity, the report underscores the critical role of DNS security in identifying and mitigating these threats. Key findings reveal the persistent and evolving nature of cyber threats, emphasizing the need for robust cybersecurity measures. The report also offers strategic recommendations for enhancing security resilience through DNS filtering, endpoint protection, and comprehensive security defense strategies.

HIGHLIGHTS:

  • INFO STEALERS - Remain a significant threat due to their ability to collect sensitive data, passwords, credit card information, and intellectual property.
  • RANSOMWARE - Ransomware groups continue to be a threat due to their high profitability and the availability of ransomware-as-a-service (RaaS) platforms.
  • APTs - These groups and their campaigns often remain undetected for extended periods, enabling long-term espionage and data theft.

INSIGHTS - So you're an executive of an SMB - where do you start? We often offer our SMB customers the following practical, actionable short- and medium-term steps to elevate their organization's cyber resilience:

  1. Define Clear Objectives: Create a benchmark for measuring success and calculating ROI.
  2. Business Impact Analysis: Understand vulnerable areas requiring immediate attention and identify interdependencies and potential points of failure for targeted risk mitigation.
  3. Review Security Governance: Evaluate existing cyber governance (policies & procedures).
  4. Security and Risk Assessment: Identify risks, potential impact, and likelihood, and prioritize to focus resources.
  5. Security Metrics and KPIs: Measure the effectiveness of security measures and areas for improvement.
  6. Basic Hygiene: Deploy appropriate security tools based on the business objectives and resources.
  7. Plan a Multi-Layered Strategy: A layered approach that provides holistic defense and supports your compliance strategy.

Regularly review and update all of the items on the list. Your cyber risk management needs to be as dynamic as your business strategy: as customer preferences, technology, and market conditions change, so do cyber risks.


Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

  1. Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.
  2. Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

  • Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Community on LinkedIn. Share insights and stay ahead of the curve.
  • Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch Technology Management today to take control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.


Billy Samoa Saleebey

Founder of Podify | Launching Video Podcasts for Speakers, Authors & Founders | Amplifying Purpose-Driven Voices, Building Unstoppable Brands | Ex-Tesla

1mo

Great read! Thanks for sharing, Stanley

Nat Kami

Former Executive Global IT & Operations Leadership| CIO|CTO|CISO|Board Advisor|One Sotheby's Global Luxury Licensed Real Estate Advisor|Martial Artist

1mo

Great report, thank you for sharing these insights!

Adil Hussain

Cybersecurity Awareness Trainer | Animated Videos, Training, NINJIO | I Help Companies Improve Security Awareness🤖

1mo

An insightful read, Stanley! Breach fatigue is a growing concern, and you're spot on about the need for proactive cybersecurity measures. It's not just about compliance; it's about building trust and resilience. Companies must recognize that cybersecurity is a strategic investment, not a checkbox. Thanks for sharing these critical insights essential for anyone looking to stay ahead in today’s evolving threat landscape!
