Ransomware is nothing new. But the tactics, techniques and procedures (TTPs) leveraged by threat actors have reached new levels of sophistication over the last few years. And with that growth has come an increased difficulty in protecting networks against costly attacks such as the recent DarkSide one on the Colonial Pipeline.
Healthcare businesses are already reeling from massive losses during the pandemic, and cyberattacks could cause further long-term damage beyond the initial attack. Research at Morphisec indicates that almost 3-in-10 consumers say they would consider switching providers if their records were breached in a cyberattack. Considering that same report found that 1-in-5 Americans say a cyberattack has impacted their healthcare provider in the past year, it’s undoubtedly worrying news for the entire industry. With this in mind, here are three avenues hackers are likely to exploit as healthcare becomes a more attractive target and what providers’ need to do to protect their sensitive data and safeguard the lives of their patients.
The social and economic impacts of political violence don’t often match. Terror attacks can accomplish their main objective of striking fear into a local population while not significantly interfering with commerce, and broad waves of unrest have the potential for supply chain disruption, local business closures lasting for days, and repair and remediation that can become quite costly. There’s a third category that doesn’t get enough attention in policy and academic circles: insurance industry losses.
The two most common methods of security guard communications in use today are cell phones and two-way radios. Security managers can have difficulty in deciding which system is best used on a particular job site. Should they use two-way radios, cell phones or both?
A recent survey conducted by Rave showed that only 22% of respondents completely trust the information they receive from local officials. Many factors – such as the spread of disinformation, social unrest and the ongoing pandemic – likely contribute to this low level of trust. However, it still poses a big problem to local leaders who are trying to keep residents safe – especially during the ongoing pandemic. We connected with Todd Miller, SVP of Strategic Programs at Rave Mobile Safety, to talk about how local governments and organizations can go about re-building trust in their communities by communicating effectively with residents.
Establishing operational resilience in the face of cyberattacks has become a top priority for organizations. As a core component of the IT infrastructure, Active Directory (AD) must be at the center of that process. But who is responsible for ensuring Active Directory is both protected and can be recovered quickly when a cyberattack occurs? In many organizations the answer is not clear, which can lead to missteps in detecting, defending against, and responding to cyberattacks.
Even if you are not mandated to adhere to any particular regulations, it still makes sense for your business to be proactive in managing risk. All frameworks include guidance for good cybersecurity hygiene, such as effective inventory and asset management, contingency planning, personnel security, system access control, and staff awareness and training, to list a few. To prepare for the aftermath of a cyber incident, frameworks provide incident response guidelines you can follow to recover and try to limit the damage. Establishing a framework can not only help your organization follow best practices but also bring rigorous cyber discipline to your organization.
For many years, the focus on securing OT environments has been on the imminent danger of a cyberattack upon critical infrastructure, in other words, SCADA/ICS attacks. Most of the concern has been on nation state actors like China, North Korean, Iran and Russia directly attacking and destroying our infrastructure.
While cybersecurity attack methods are rapidly evolving, it's more often than not a misuse of administrative privileges and weak or stolen credentials that are enough to breach any critical infrastructure. Let's take the attack on the water treatment plant for example—all it took for the unidentified perpetrator was one unprotected password to access and handle the control systems remotely. Time and again, incidents like this prove that when passwords are stored in secure vaults and are subject to standard security practices, the chances of getting hacked are far lower.
RSS
