Keeping Your Practice Cyber-Safe: Solutions Born of Experience

Mar 07, 2023 at 09:15 am by steve


By: Heather Meadows, Dynamic Quest

It is a common misconception that Cyber Attacks are instant. That if you have been attacked, it happened in that moment. It is violating enough to imagine someone breaking into your home, but I want you to imagine it. This time the criminal is not in your home for seconds, minutes, or hours. This time the criminal is in your home for days, weeks, or months. Stealing what is yours, stealing what is your family’s, stealing what your friends and neighbors left behind and trusted you with. Items for which you feel responsible. These criminals are in your home accumulating all the belongings they can, and the only way you find out they have been in your home is because they have now locked you out. They have not only locked you out, but they are forcing you to pay to get back in. This is the reality of many Cyber Crimes today.

Cyber Crime is on the rise. The FBI Cyber Division has seen a 400 percent increase in complaints since Covid-19 began. There are numerous reasons leading to an increase, but most of them involve these Cyber Criminals capitalizing on our human nature and the additional stress factors Covid-19 has forced upon us. We want things fast. We want things easy. Colonial Pipeline’s attack this past summer is an excellent example of Cyber Criminals capitalizing on just that: our human nature and the pain points of Cyber Security this pandemic has put additional pressure on. The world has been forced even more so into the digital age, and it requires organizations to reflect on whether they have taken the actions needed to protect themselves.

Cyber Crime: Colonial Pipeline

It was 5:00 a.m. on May 7th, 2021 when a ransom note demanding cryptocurrency appeared on a control room computer at Colonial Pipeline. It was immediately reported to the operations supervisor and the company prepared for the next critical steps. By 6:10 a.m. that morning, just one hour and 10 minutes after this discovery, the entire pipeline was shut down. In its nearly 60-year history, Colonial Pipeline had never shut down the entirety of its gasoline pipeline. While steps to mitigate risk of the attack were happening retroactively, the supervisor and Colonial Pipeline did not know at the time that the criminals had been in the system for over a month. They had entered it with just one single compromised password on an inactive remote employee account.

The cyber attackers used that single compromised password to log in through a remote network account, an account that should have been disabled prior to the attack because the employee was no longer with the company. Consider what policies and procedures you have in place for when an employee is no longer with the company, especially those policies for deactivating and monitoring their accounts within your network. Overlooking such simple security policies cost Colonial Pipeline millions of dollars.

Security Solutions Should be Proactive

Luckily, there are steps companies can take to be more proactive in their security posture, steps that even small companies can employ now to close gaps in their current networks.

Taking proactive measures now can reduce the risk, frequency, and severity of attacks on your company. Fighting the battle retroactively can have a critical impact on your company’s finances and reputation. While nothing is foolproof, we now live in an age of not “if” but “when” you are cyber attacked.

Two-Factor Authentication (2FA)

One of the biggest errors in Colonial Pipeline’s IT security, beyond not deactivating the unused employee account, was the lack of Two-Factor Authentication (2FA) on their accounts. Two-Factor Authentication works by adding an additional layer of security to your accounts, whether those are email, financial, vendor, or social media accounts. It requires additional login credentials beyond just the username and password to gain access. Getting that second credential requires access to another device (most commonly a cell phone) or another account (such as a different email account). If Two-Factor Authentication had been employed at Colonial Pipeline, it would have made it almost impossible for the Cyber Criminals to gain access that day because they would have needed access to the additional device or account.
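
The two gaps described above, an enabled account for a departed employee and remote access without 2FA, can be checked on a schedule. The following Python audit is an added example, not part of the original article or any Dynamic Quest tool; the CSV columns, usernames, departed-staff list, and 45-day idle threshold are constructed assumptions standing in for an export from your own directory and HR records.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export of directory accounts (not real data).
ACCOUNTS_CSV = """username,enabled,remote_access,mfa_enrolled,last_logon
asmith,true,true,true,2023-02-27
bjones,true,true,false,2022-10-03
cwu,true,false,false,2023-03-01
dlee,false,true,false,2022-06-15
evega,true,true,false,2023-03-02
"""

# Constructed HR list of people who are no longer with the company.
DEPARTED = {"bjones", "dlee"}


def is_true(value):
    """Interpret a CSV cell such as 'true' or ' TRUE ' as a boolean."""
    return value.strip().lower() == "true"


def audit_accounts(csv_text, departed, today, max_idle_days=45):
    """Return {username: [findings]} for enabled accounts that need action."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not is_true(row["enabled"]):
            continue  # a disabled account cannot be used to log in
        user = row["username"].strip().lower()
        issues = []
        if user in departed:
            issues.append("enabled account for departed employee")
        last = datetime.strptime(row["last_logon"].strip(), "%Y-%m-%d").date()
        idle_days = (today - last).days
        if idle_days > max_idle_days:
            issues.append(f"no logon for {idle_days} days")
        if is_true(row["remote_access"]) and not is_true(row["mfa_enrolled"]):
            issues.append("remote access without 2FA")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    report = audit_accounts(ACCOUNTS_CSV, DEPARTED, date(2023, 3, 7))
    for user, issues in report.items():
        print(f"{user}: {'; '.join(issues)}")
```

In the sample data, bjones matches the Colonial Pipeline pattern on all three counts, while evega is a current employee whose remote access still lacks 2FA.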

Dark Web Monitoring

Another preventative measure Colonial Pipeline should have taken is using Dark Web Monitoring. Dark web monitoring is the process of searching for and keeping track of personal information found and leaked for sale on the online illegal marketplace. In the wake of the Colonial Pipeline attack, it was discovered that the former employee whose account was attacked had their information exposed on the Dark Web. This is all too common; it is estimated that compromised passwords are responsible for 81 percent of hacking-related breaches, with 48 percent of workers using the same passwords for dozens of their personal and work accounts.

The Dark Web is how Colonial Pipeline’s former employee’s credential information was most likely obtained. While no one company can 100 percent guarantee the ability to monitor the Dark Web, this is a great tool to strengthen your company’s security posture and receive notifications if you or someone at your company has had their credentials shared on the Dark Web. Think of this invaluable service as your canary in a coal mine, letting you know there is trouble ahead and to take proper steps to protect your company.

Password Best Practices

Password complexity, policy, and education are also vitally important. Employees will re-use the same passwords for multiple accounts. It is important to be aware of the dangers in doing so. Enforcing password standards within your network through Active Directory can also save you in the long run. Active Directory, commonly referred to as AD, is a database and set of services that connect users with the network resources that are needed to do their job. The directory contains critical information about the work environment. This includes what users and computers there are and who's allowed to do what. This also allows network administrators to set rules about complexity, length, and expirations for user passwords. While no one likes having to remember a new password, it is important that simple policies like these are utilized across the entire company. As evidenced by Colonial Pipeline, a single unprotected password was all that was needed to shut down the whole company.

Social Media Vigilance

An additional vulnerability we create for ourselves is our social media presence. We must be better guardians of our information, and there is no better place to start than your company’s and employees’ web and social media presence. While these are incredible tools for branding, promotion, marketing, and connection, they are also unfortunately excellent resources for cyber criminals to “scrape” information from and create more targeted phishing attacks, acquiring useful knowledge they can use to gain access to your network. Data scraping is an approach criminals use to cull information, in this case publicly posted information on websites and social media platforms. In its most basic state, it refers to a technique in which a computer program extracts data from output generated by another program. It is most commonly used for web scraping, gathering valuable information from websites, but there are other malicious ways it can be utilized. LinkedIn has been a prime source for these criminals to obtain information, though it should be noted that such acts are against the “Terms of Use Agreement.”

Security Awareness Training

It is also important to note that these phishing attacks can occur over various mediums (email, text, social media, etc.) and that these criminals do not hesitate to impersonate people or brands in doing so. The most impersonated brands today are Microsoft, Netflix, Facebook, FedEx, and Google, brands everyone uses. Therefore, proactive training is another requirement being added to Cyber Security Insurance Policies. It is directly related to the fact that 91% of the breaches today are facilitated via well-meaning employees just trying to do their jobs.

Knowledge and education are the foremost tools in the frontline defense, and we need to be more cognizant of the information we are giving away freely.

I have seen how proactive training has saved companies and employees from falling victim to phishing campaigns. Phishing attacks are the most common method that cybercriminals use to gain access to an organization’s network. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers. Scammers take advantage of human nature to trick their target into falling for the scam by offering some incentive (free stuff, a business opportunity, threats, etc.) or creating a sense of urgency or fear. Some key steps in avoiding becoming prey are:

  • Do not trust unsolicited emails
  • Do not send any funds to people who request them by email, especially not before checking with leadership
  • Do not click on unknown links in email messages - If the email has a link, stop and think!
  • Configure your email client properly
  • Install firewalls and keep them up to date
  • Beware of email attachments. Verify any unsolicited attachments with the alleged sender (via phone or other medium) before opening them

Prior to being ransomed for $4.4 Million, Colonial Pipeline was looking to assess their risk. A risk assessment is an excellent resource for verifying your security posture, and one that, had they done it sooner, would have cost them significantly less than their ransom. Risk assessments should be done regularly and proactively. Most risk assessments will give you prioritized steps and outlines to better protect your company and remediate risk. A good risk assessment should include:

  • Assets - Data Type, Critical Components, and Impact
  • Vulnerabilities - Third Party Access, Likelihood of Exploit, Attack Vectors
  • Remediation - In Place Controls and Governance
  • Risk Levels - Calculated Exposure, Current State, and Future State

IT Governance Policies

While it has become unavoidable, working from home can prove to be a risk to the company network. Keeping good policies and governance for such work is critical. When considering guidelines, here are some things to keep in mind:

  • Remote workers must have up-to-date company mandated security solutions on cell phones, tablets, and laptops.
  • Work devices are only for the authorized user and for authorized use. This means family use and unrelated work cannot be done on company-provided devices.
  • Strong home security on their networks and/or the use of VPNs (Virtual Private Networks).
  • If using video teleconferencing, you should use a platform that ensures meetings are private, either with passwords or controlling access from a waiting room. The platform should also provide end-to-end encryption.
  • Consider having the ability to remotely wipe devices in case they are lost or stolen. Mobile device management platforms can perform most or all of these services, allowing remote workers to continue to use their own devices while ensuring the safety of company data.

Additional Measures

  • Anti-virus - Designed to detect and destroy computer viruses.
  • Anti-malware - A type of software program created to protect information technology systems and individual computers from malicious software, known as malware. Anti-malware programs scan a computer system to prevent, detect, and remove malware.
  • SPAM Filtering - Detects unsolicited, unwanted, and virus-infected email, and stops it from getting into email inboxes.
  • DNS Filtering - Is the practice of blocking access to certain sites for a specific purpose, often content-based filtering.
  • Backing Up Data - Making a copy of computer data taken and stored elsewhere so that it may be used to restore the original.

Heather Meadows is an Account Executive at Dynamic Quest
