Cyber Security Update 2020-01

January

Cyber Security Update

Cyber Security Update - January 2020

SoftwareONE believes there is a need for additional information when it comes to Cyber Security, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareONE’s monthly Cyber Threat Bulletin provides updates on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Stay Ahead Of Cyber Threats: January Bulletin

Do you like thrilling movies like “The Man Who Knew Too Much” by Alfred Hitchcock or “96 Hours” by Frédéric Schoendoerffer? What both films have in common is the nerve-wracking story about the kidnapping of a family member. Do you find yourself taking the side of the good guys, praying and keeping your fingers crossed that they will set their most valuable treasure free and get them back alive? Well, then you are very close to what some companies had to experience as well with seeing sensitive business data being taken hostage by ransomware. Ransomware, as its name suggests, is malware designed to make a target’s data unusable or to prevent access to computer systems until a ransom is paid, usually in untraceable digital currency. It’s quick, lucrative – and very easy.

Imagine an ordinary working day at the office: You just started, working yourself through your inbox when you spot an official information from one of your business departments with an attached document. You are directed to a download link to access your files. You are not thinking about it because you know your company and your departments, so you just follow the instructions, download your file and open it. At some point later that day you notice that you are no longer able to access your systems and several files with a strange name have been created without your knowing. This is a critical moment because sensitive files on your device might have been encrypted. The truth is: Your files have been taken hostage and the only way to get them back is by paying a ransom.

Ransomware incidents have reached a new level of frequency and we expect the number to continue to increase. Affected companies are often willing to pay whatever sum is demanded so they can regain control and get back to business. It’s quite similar to families being willing to pay kidnappers whatever is required to release their loved ones – a copycat scenario if you will for the Cyber Security arena.

For our January Cyber Threat Bulletin we collected some examples of companies that were hit by such ransomware attacks and experienced varying consequences. Such as Hackensack Meridian Health, New Jersey’s largest hospital system operating 17 hospitals, nursing homes and outpatient centers, as well as psychiatric facility Carrier Clinic. The health system provider was targeted by a Cyber Attack in early December 2019, crippling its computer software systems for nearly five days. The attack impacted the hospital’s computer software systems, from scheduling and billing systems to labs and radiology. As a consequence, the medical teams had to reschedule approximately 100 non-emergency appointments and surgeries.

Galt, California municipal systems, also became a victim of ransomware. The city reported that the full extent of the damage is not known but both the email and the phone systems have been impacted. This includes all Sheriff’s office emails, posting of daily arrest affidavits, updates of jail booking photos, fingerprinting, background checks/criminal histories, distribution of case reports and traffic crash reports.

Last but not least, LifeLabs, a Canadian laboratory testing company, paid ransom money to get back the data of its 15 million customers – including names, addresses, emails, logins, passwords, date of birth, health card numbers (for health insurance) and even highly-sensitive lab test results.

Prepare yourself & keep your data and systems under control

Just like any other cyber threat, prevention is key to a proper defense for ransomware as well. Unlike other types of malware ransomware is extremely hard to detect and can be placed in your systems within seconds - with one file ore even one phone call that opens the door to your network. The best thing to start with is to develop and install the right cyber security (warning) system for your company. Make sure you have a backup strategy for any critical systems and data in place and practice a regular cyber security hygiene, e.g. update patches regularly, monitor your network activity and manage permission rights. Furthermore, train all employees on security threats and risks and how to deal with any type of incident.

Start your security journey today by staying up-to-date about the latest breaches, malware attacks and other incidents. Join us this month and read our latest Cyber Threat Bulletin to find out more about the latest cyber threats, and attacks and how to prevent them from happening in your company.

Download our January edition and stay informed with key information and a list of activities to help you close security gaps.

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Bala Sathunathan

Bala Sethunathan

Director, Security Practice & CISO

Software Portfolio Management

Related Articles

windows-7-extended-support

Windows 7 Extended Support: Now Is the Time to Take Action!

Microsoft ended support for Windows 7. Find out which far-reaching impact this will have on your environment.

Be Prepared: Security Trends To Watch Out for in 2020

5 Key Strategies for Creating a Cyber Awareness Program

A strong cyber-security posture goes well beyond the security team. Let’s take a closer look at the five key strategies for creating a cyber awareness program.

How To Fix Sh(adow) IT

SH(adow) IT Happens – How can I fix it?

Left unmanaged, Shadow IT can expose organizations to financial, security, and compliance risks. Here’s how to discover and manage your software environment.