Cyber Security Update 2020-01

January
Cyber Security Update

Cyber Security Update - January 2020

SoftwareONE believes there is a need for additional information when it comes to Cyber Security, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareONE’s monthly Cyber Threat Bulletin provides updates on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Stay Ahead Of Cyber Threats: January Bulletin

Do you like thrilling movies like “The Man Who Knew Too Much” by Alfred Hitchcock or “96 Hours” by Frédéric Schoendoerffer? What both films have in common is the nerve-wracking story about the kidnapping of a family member. Do you find yourself taking the side of the good guys, praying and keeping your fingers crossed that they will set their most valuable treasure free and get them back alive? Well, then you are very close to what some companies had to experience as well with seeing sensitive business data being taken hostage by ransomware. Ransomware, as its name suggests, is malware designed to make a target’s data unusable or to prevent access to computer systems until a ransom is paid, usually in untraceable digital currency. It’s quick, lucrative – and very easy.

Imagine an ordinary working day at the office: You just started, working yourself through your inbox when you spot an official information from one of your business departments with an attached document. You are directed to a download link to access your files. You are not thinking about it because you know your company and your departments, so you just follow the instructions, download your file and open it. At some point later that day you notice that you are no longer able to access your systems and several files with a strange name have been created without your knowing. This is a critical moment because sensitive files on your device might have been encrypted. The truth is: Your files have been taken hostage and the only way to get them back is by paying a ransom.

Ransomware incidents have reached a new level of frequency and we expect the number to continue to increase. Affected companies are often willing to pay whatever sum is demanded so they can regain control and get back to business. It’s quite similar to families being willing to pay kidnappers whatever is required to release their loved ones – a copycat scenario if you will for the Cyber Security arena.

For our January Cyber Threat Bulletin we collected some examples of companies that were hit by such ransomware attacks and experienced varying consequences. Such as Hackensack Meridian Health, New Jersey’s largest hospital system operating 17 hospitals, nursing homes and outpatient centers, as well as psychiatric facility Carrier Clinic. The health system provider was targeted by a Cyber Attack in early December 2019, crippling its computer software systems for nearly five days. The attack impacted the hospital’s computer software systems, from scheduling and billing systems to labs and radiology. As a consequence, the medical teams had to reschedule approximately 100 non-emergency appointments and surgeries.

Galt, California municipal systems, also became a victim of ransomware. The city reported that the full extent of the damage is not known but both the email and the phone systems have been impacted. This includes all Sheriff’s office emails, posting of daily arrest affidavits, updates of jail booking photos, fingerprinting, background checks/criminal histories, distribution of case reports and traffic crash reports.

Last but not least, LifeLabs, a Canadian laboratory testing company, paid ransom money to get back the data of its 15 million customers – including names, addresses, emails, logins, passwords, date of birth, health card numbers (for health insurance) and even highly-sensitive lab test results.

Prepare yourself & keep your data and systems under control

Just like any other cyber threat, prevention is key to a proper defense for ransomware as well. Unlike other types of malware ransomware is extremely hard to detect and can be placed in your systems within seconds - with one file ore even one phone call that opens the door to your network. The best thing to start with is to develop and install the right cyber security (warning) system for your company. Make sure you have a backup strategy for any critical systems and data in place and practice a regular cyber security hygiene, e.g. update patches regularly, monitor your network activity and manage permission rights. Furthermore, train all employees on security threats and risks and how to deal with any type of incident.

Start your security journey today by staying up-to-date about the latest breaches, malware attacks and other incidents. Join us this month and read our latest Cyber Threat Bulletin to find out more about the latest cyber threats, and attacks and how to prevent them from happening in your company.

Download our January edition and stay informed with key information and a list of activities to help you close security gaps.

  • Tuesday 14 January 2020

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Bala Sathunathan

Bala Sethunathan Director, Security Practice & CISO

Software Portfolio Management

Related Articles

Micrsoft Teams
  • 26 February 2020

How to Improve Your Cloud Collaboration with Microsoft Teams

The successful integration of a new collaboration tool ends not with the implementation. Make sure to include your users from the start!

Microsoft Office365
  • 25 February 2020
  • Erik Moll

The Best Practices for Tracking Your Microsoft Office 365 Adoption & Usage

Office 365 is a popular, future-proof solution – but it’s necessary to track your adoption and usage to maximize this utility. Let’s find out how.

How To Fix Sh(adow) IT
  • 20 February 2020
  • Blog Editorial Team

SH(adow) IT Happens – How can I fix it?

Left unmanaged, Shadow IT can expose organizations to financial, security, and compliance risks. Here’s how to discover and manage your software environment.