This week, we’re focusing on Critical Control 5: Controlled Use of Administrative Privileges. More specifically:
Week 4 of National Cyber Security Awareness Month focuses on our continuously connected lives in a rapidly developing digital world. Mobile security plays a big role in staying safe as more organizations than ever rely on cell phones, tablets, and laptops for business. Does your cybersecurity strategy keep mobile in mind? Here are four mobile security tips to help your organization stay secure in a connected and moving business environment.
To celebrate National Cyber Security Awareness Month, CIS is kicking off each week in October with a deep dive into one of the top 5 CIS Controls.
This week, we’re focusing on Critical Control 4: Continuous Vulnerability Assessment and Remediation. More specifically:
“Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.”
Written by: Emily Cranston, Senior Cyber Intelligence Analyst & Curt Beall, MS-ISAC Intel Unit Intern
Tech support scams have been around for years: you answer the phone and the person on the other end claims to be working with a well-known tech company. They try to convince you that your computer is sending out error messages, attacking another computer, or infected with viruses. Malicious actors use this scam to cold-call victims, gain access to victims’ computers, install malware, steal information, or receive payment for fraudulent services.
It is hard to ignore the recent increase in reporting of hospitals victimized by ransomware. Ransomware has become such an issue that the MS-ISAC, along with our partners at the National Health Information Sharing and Analysis Center (NH-ISAC) and Financial Services Information Sharing and Analysis Center (FS-ISAC), teamed up to host trainings around the country on how to defend against it.
Organizations are often too preoccupied with defending the integrity of their company and network from external threats to address the very real and dangerous risk that may lie within their own organization - insiders. The insider poses a threat because the legitimate access they have or had to proprietary systems exempts them from traditional cybersecurity defenses, such as intrusion detection devices or physical security.
Referred to as the “Billion Dollar Scam” by the Federal Bureau of Investigation (FBI), Business Email Compromise (BEC) scammers use a spoofed email or compromised account to trick employees into initiating a money transfer to an alternate (fraudulent) account. The scammers almost always pretend to be a person of power within the organization, such as the CEO or CFO.
Distributed denial of service (DDoS) attacks are a popular tactic, technique, and procedure (TTP) used by hacktivists and cybercriminals to overwhelm a network to the point of inoperability. This can pose a serious problem for healthcare providers who need access to the network to provide proper patient care or need access to the Internet to send and receive emails, prescriptions, records, and information.
It seems that every day another hospital is in the news as the victim of a data breach. The routine is familiar - individuals receive notification by (e)mail of the breach, paired reassuringly with two free years of credit and identity monitoring. (One might wonder - Is there even anyone left who isn’t being monitored?) According to the Ponemon Institute and Verizon Data Breach Investigations Report, the health industry experiences more data breaches than any other sector.[i] There may be some potential for bias in this claim, due to the well-defined, legally mandated reporting requirements of the Health Insurance Portability and Accountability Act (HIPAA), which make it more likely healthcare breaches will be reported compared to breaches in other sectors.
Every year since 2003, October has been recognized as National Cyber Security Awareness Month (NCSAM). This effort was brought to life through a collaboration between the U.S. Department of Homeland Security and the National Cyber Security Alliance. NCSAM was created to ensure that every individual stays safe and secure online.