With the recent high-profile data breaches involving the likes of Love, Bonito, along with the recently updated guidelines on data breach notification and accountability by the Singapore government, business owners in Southeast Asia (SEA) are looking to invest more in cybersecurity. According to Kaspersky’s Global Corporate IT Security Risks Survey (ITSRS), [...]
The world of cybersecurity is a rapidly evolving with new technologies, terms, definitions, and services. What can small and medium-sized businesses (SMB’s) learn from 2019?
The latest cybersecurity news in 2019 and probably the most eye-opening, is the class-action lawsuit filed against operator DCH Health System in Alabama by four patients visiting three hospitals. The suit claims the company violated federal health information privacy laws (HIPAA) and endangered their medical care during the RYUK Ransomeware attack in October of 2019. The four patients accuse the health system of negligence, invasion of privacy, breach of contract and breach of fiduciary duty. According to Tony Pietrocola, President of Agile1:
The rise in class-action lawsuits from ransomware in 2019 was alarming, this could be a very ugly trend for SMB’s in 2020.
Tony Pietrocola lists the following as some preventative measures that users and administrators can employ as best practices:
On several occasions in 2019, both larger and smaller MSPs (Managed Service Providers) found themselves under attack from the same threats they protect their clients from. A large MSP in California which was never publicly identified was forced to pay $150,000 in Bitcoin to gain access to the decryption keys required to recover the data that was not protected by air-gapped backups,” according to MSSP Alert.
KrebsOnSecuity has reported that the MSP Synoptek suffered a Sodinokibi ransomware attack on December 23rd, 2019. A Synoptek customer who was briefed on the incident reported the intruders used a remote management tool to install the ransomware on client systems. Cyberattacks on MSP’s are particularly dangerous due to the amount of client data an MSP has access to. If an MSP has gaps in its security, a snowball effect can take place, meaning each of its clients is now at risk of data and security breaches.
Director of Cybersecurity at Accellis Technology Group, Tom Fazio, has advice for MSP’s and how to protect their data along with their client’s data:
It is important for MSP’s to study and understand the NIST Cybersecurity Framework. This will help mitigate risk within your own business before moving on and mitigating risk across your client base
Other basic steps an MSP can take to fight ransomware and other cyberattacks are:
The Equifax data breach of 2017 was still grabbing headlines in 2019, but unfortunately, the trend of big data breaches only intensified. Some of the statistics of 2019 are staggering. Consider these statistics for the first half of the year:
Outside of the more notable data breaches such as the third-party Facebook apps exposing 540 million records and DoorDash exposing almost 5 million customers, employees, and merchant private information, Norton.com listed some of the larger breaches in 2019 that you may not have heard about.
Capital One
Date: March 22 and 23, 2019
Number of records breached: 106 million
Evite
Date: February 22, 2019
Number of records breached: 100 million
Georgia Tech
Date: December 14, 2018, to March 22, 2019
Number of records breached: 1.3 million
Federal Emergency Management Agency (FEMA)
Date: The Office of the Inspector General issued its findings on March 15, 2019
Number of records exposed: 2.3 million
Hackers and cybercriminals are targeting data. Both large and small companies need to view data the way financial institutions view currency.
In August of 2019 Barracuda has released Volume 2 of the Spear Phishing: Top Threats and Trends report, Email Account Takeover: Defending Against Lateral Phishing. Barracuda defines lateral phishing as an effective way for attackers to leverage legitimate accounts compromised through email account takeover.
If an attacker can secure vital private information within an organization, lateral movement and data exfiltration activities can be especially difficult to detect and give the appearance of normal network traffic. According to Barracuda:
Here are a few basic steps to help organizations defend against lateral phishing.
In March of 2019, Accellis Technology group shared some staggering statistics regarding cyberattacks on SMB’s. Here is a recap.
SMB’s are easier targets for hackers. Larger organizations tend to have cybersecurity solutions in place due to the amount of private information they must protect and can allocate money & resources that put security higher on the priority list. For a hacker, trying to breach larger organizations costs time & money, putting them at a higher risk of getting caught and facing prosecution.
Any SMB that handles financial information or stores valuable and private data about customers is a potential target for cyberattacks. According to the Verizon 2019 DBIR (Data Breach Investigations Report), 71% of breaches were financially motivated.
Understanding the technology available to prevent attacks can appear daunting and be put lower on the priority list of day to day tasks, projects, and activities to keep SMB’s running smoothly. it is important for SMB’s to place a high-value on cybersecurity measures.
Do you have questions about the latest in cybersecurity solutions and how to protect your organization from cyberattacks attacks? We want to help! Fill out the form below and a Cybersecurity expert will reach out at your earliest convenience to answer your questions.
The post 5 Cybersecurity Takeaways From 2019 appeared first on Accellis Technology Group.
This content was originally published here.
Businesses should be worried that Canadians increasingly don’t trust them to handle their personal data and information generated through online buying, according to a senior federal privacy official. In an ...
