5 Cybersecurity Takeaways From 2019
The world of cybersecurity is rapidly evolving with new technologies, terms, definitions, and services. What can small and medium-sized businesses (SMB’s) learn from 2019?
Class Action Lawsuits
The latest cybersecurity news in 2019 and probably the most eyeopening, is the class-action lawsuit filed against operator DCH Health System in Alabama by four patients visiting three hospitals. The suit claims the company violated federal health information privacy laws (HIPAA) and endangered their medical care during the RYUK Ransomeware attack in October of 2019. The four patients accuse the health system of negligence, invasion of privacy, breach of contract, and breach of fiduciary duty. According to Tony Pietrocola, President of Agile1:
The rise in class-action lawsuits from ransomware in 2019 was alarming, this could be a very ugly trend for SMB’s in 2020.
Tony Pietrocola lists the following as some preventative measures that users and administrators can employ as best practices:
- Regular backups of critical data in case of any loss (not just ransomware).
- The Timely application of software patches from OS and third-party vendors.
- Exercise correct email and website safety practices – downloading attachments, clicking URLs, or executing programs only from trusted sources.
- Encourage users to alert the IT Security team of potentially suspicious emails and files.
- Ensure your security products are updated regularly and perform periodic scans.
- Implement application whitelisting on your endpoints to block all unknown and unwanted applications.
- Regular user education around the dangers and signals of social engineering.
On several occasions in 2019, both larger and smaller MSPs (Managed Service Providers) found themselves under attack from the same threats they protect their clients from. A large MSP in California, which was never publicly identified, was forced to pay $150,000 in Bitcoin to gain access to the decryption keys required to recover the data that was not protected by air-gapped backups,” according to MSSP Alert.
KrebsOnSecuity has reported that the MSP Synoptek suffered a Sodinokibi ransomware attack on December 23rd, 2019. A Synoptek customer who was briefed on the incident said the intruders used a remote management tool to install the ransomware on client systems. Cyberattacks on MSP’s are particularly dangerous due to the amount of client data an MSP has access to on their network. If an MSP has gaps in its security, a snowball effect can take place, meaning each of its clients is now at risk of data and security breaches.
Director of Cybersecurity at Accellis Technology Group, Tom Fazio, has advice for MSP’s and how to protect their data along with their client’s data:
It is important for MSP’s to study and understand the NIST Cybersecurity Framework. This will help mitigate risk within your own business before moving on and mitigating risk across your client base
Other necessary steps an MSP can take to fight ransomware, and other cyberattacks are:
- Timely application of software patches from OS and third-party vendors.
- Monitor your network for suspicious activity with a Security Operation Center.
- Become active in the cybersecurity community and join InfraGard.
- Engage in cybersecurity awareness training for employees.
- Attend cybersecurity conferences such as Black Hat and Defcon
Big Data Breaches
The Equifax data breach of 2017 was still grabbing headlines in 2019, but unfortunately, the trend of big data breaches only intensified. Some of the statistics of 2019 are staggering. Consider these statistics for the first half of the year:
- 3,800: The number of publicly disclosed breaches.
- 4.1 billion: The number of records exposed.
- +54%: Increase in the number of reported breaches vs. first six months of 2018.
Outside of the more notable data breaches such as the third-party Facebook apps exposing 540 million records and DoorDash exposing almost 5 million customers, employees, and merchant private information, Norton.com listed some of the larger breaches in 2019 that you may not have heard about.
Date: March 22 and 23, 2019
Number of records breached: 106 million
Date: February 22, 2019
Number of records breached: 100 million
Date: December 14, 2018, to March 22, 2019
Number of records breached: 1.3 million
Federal Emergency Management Agency (FEMA)
Date: The Office of the Inspector General issued its findings on March 15, 2019
Number of records exposed: 2.3 million
Hackers and cybercriminals are targeting data. Both large and small companies need to view data the way financial institutions view currency.
Lateral Phishing Gains Steam
In August of 2019 Barracuda has released Volume 2 of the Spear Phishing: Top Threats and Trends report, Email Account Takeover: Defending Against Lateral Phishing. Barracuda defines lateral phishing as an effective way for attackers to leverage legitimate accounts compromised through email account takeover.
If an attacker can secure vital private information within an organization, lateral movement and data exfiltration activities can be especially difficult to detect and give the appearance of normal network traffic. According to Barracuda:
- 1 in 7 organizations experienced lateral phishing attacks.
- 11 percent of attacks successfully compromised additional employee accounts.
- 42 percent of the lateral phishing incidents do not appear to have been reported by a recipient to the organization’s IT or security team.
Here are a few basic steps to help organizations defend against lateral phishing.
- Security Awareness Training – Security awareness training for end-users regarding lateral phishing email attempts will help make these attacks less successful. Since lateral phishing attacks are sent from a legitimate—but compromised—account, users can often still carefully check the destination URL of any link before they click it to help identify a lateral phishing attack.
- Advanced Detection Techniques – With lateral phishing attacks becoming increasingly difficult to detect, organizations should invest in advanced detection techniques and services that use artificial intelligence and machine learning to automatically identify phishing emails.
- Two-factor authentication – To help mitigate the risk of lateral phishing use strong two-factor authentication (2FA), such as a two-factor authentication app or a hardware-based token if available.
SMB’s Feeling the Pain
In March of 2019, Accellis Technology group shared some staggering statistics regarding cyberattacks on SMB’s. Here is a recap.
- 43 percent of cyberattacks target small businesses.
- Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective.
- 60 percent of small companies go out of business within six months of a cyberattack.
- 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
SMB’s are easier targets for hackers. Larger organizations tend to have cybersecurity solutions in place due to the amount of private information they must protect and can allocate money & resources that put security higher on the priority list. For a hacker, trying to breach larger organizations costs time & money, putting them at a higher risk of getting caught and facing prosecution.
Any SMB that handles financial information or stores valuable and private data about customers is a potential target for cyberattacks. According to the Verizon 2019 DBIR (Data Breach Investigations Report), 71% of breaches were financially motivated.
Understanding the technology available to prevent attacks can appear daunting and be put lower on the priority list of day to day tasks, projects, and activities to keep SMB’s running smoothly. it is important for SMB’s to place a high-value on cybersecurity measures.
Do you have questions about the latest in cybersecurity solutions and how to protect your organization from cyberattacks? We want to help! Fill out the form below and a Cybersecurity expert will reach out at your earliest convenience to answer your questions.