InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
The Role of Compliance in Cybersecurity
The overall technology landscape is evolving at a breakneck pace. While these changes are meant to improve the quality of life, the unfortunate flip side is an increase in cyberthreats. This is why global cybersecurity spending increased from nearly $40 billion in 2019 to $54 billion in 2021.1 Unfortunately, due to a lack of spending on personnel or technology, SMBs are most likely to be targeted by threat actors.
Many organizations fall victim to cybercrime because compliance and security are not a high priority for them. For your organization to run smoothly, both compliance and security are critical. While compliance ensures that your organization stays within the bounds of industry or government laws/regulations, security ensures that your organization's integrity and vital data are safeguarded.
Know These Benefits
The following are the reasons why adhering to industry compliance regulations is so important from a cybersecurity perspective:
Encourages trust
Improves security posture
Reduces loss
Increases control
Industries and Regulations
While each industry has its own set of cybersecurity issues, some overlap. Phishing, for example, is a threat that almost all industries face. To combat these challenges, each sector has its own set of compliance and regulatory standards with specific provisions for security and privacy.
Some regulations apply to multiple industries as well. Note that compliance regulations change from one country to the next and sometimes even within the same country. Let’s take a look at some of the industries and their associated regulations:
Healthcare
In the healthcare industry, shared data is highly sensitive. Cybercriminals who steal protected health information (PHI) usually fetch a high price for it on the dark web. Therefore, there are regulations in place, like the ones mentioned below, to ensure the secure handling of data:
- In the United States, the Health Insurance Portability and Accountability Act (HIPAA) prohibits the disclosure of PHI without the patient's consent.
- In the European Union (EU), generic data protection laws, such as the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), regulate the handling of health-related data.
Finance
Finance is often the most regulated sector because a big chunk of data revolves around payments and financial transfers. Some of the most popular regulations in this industry are listed below.
- The Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard aimed at reducing payment card fraud for organizations that deal with branded payment cards. The scope of this regulation goes beyond the financial industry.
- In Japan, the Act on the Protection of Personal Information (APPI) regulates the commercial usage of personal data.
- The EU's Payment Services Directive (PSD2) governs data transfer during end-to-end payments.
Defense
There are strict regulations in the defense sector since a breach could result in the disclosure of national secrets.
- The Cybersecurity Maturity Model Certification (CMMC) governs the Defense Industrial Base (DIB) in the United States.
- In Australia, the Defense Industry Security Program (DISP) assists organizations in understanding and meeting their security duties when working on defense projects, contracts and tenders.
Sources:
- Statista
- IBM CDBR 2020
Sinclair Broadcast Group
https://thecyberwire.com/newsletters/week-that-was/5/42Exploit: Ransomware
Sinclair Broadcast Group: Television Station Operator
Risk to Business: 1.227 = Extreme
Sinclair Broadcast Group, the operator of 184 tv stations in 86 US markets, experienced a cyberattack last week that knocked broadcasts offline. The disruption was extensive, knocking local news broadcasts and syndicated programs offline. In some markets, NFL Sunday broadcasts were also disrupted. An unspecified amount of data was also stolen from the company’s network.
Customers Impacted: Unknown
How It Could Affect Your Business: Locking down networks and production lines to cause operational disruption is the name of the game for many ransomware groups in order to force a speedy ransom payment.
Ferrara Candy Company
https://www.forestparkreview.com/2021/10/22/candy-production-impacted-by-ransomware-attack/
Exploit: RansomwareFerrara Candy Company: Candy Manufacturer
Risk to Business: 1.822=Severe
Boo! Greedy cybercriminals unleashed their tricks on Ferrara Candy Company just one week away from Halloween. The company, maker of Brach’s Candy Corn, Nerds and Trolli gummies among other treats, has been in the confectionary business since 1901. Ferrara said that the attack briefly disrupted production operations. However, they were quick to assure anxious consumers that they didn’t need to worry about missing their Halloween favorites – Halloween orders were shipped to stores in August.
Customers Impacted: Unknown
How It Could Affect Your Business: Manufacturers have been increasingly falling into cybercriminals’ sights, especially at peak times in their respective industries.
United States – CoinMarketCap
https://www.cryptodaily.co.uk/2021/10/CoinMarketCap-Data-Breach-Leaks-3-1-M-Email-AddressesExploit: Hacking
CoinMarketCap: Cryptoasset Tracker
Risk to Business: 1.702=Severe
Crypto evaluator CoinMarketCap has had a data leak. First reported by Have I Been Pwned, cybercrime researchers have discovered 3.1 million user email addresses from the site available on the dark web. The company initially denied the hack but ultimately owned up to the security blunder.
Customers Impacted: Unknown
How It Could Affect Your Business: Attacks on the banking, crypto and fintech sectors have been growing, creating complications for every financial services organization.
United Kingdom – Tesco
https://www.bbc.com/news/business-59027423Exploit: Hacking
Tesco: Supermarket Chain
Risk to Business: 2.115=Extreme
Ubiquitous UK supermarket cain Tesco left customers scrambling after a cyberattack disrupted its web services over the weekend.The company said that unnamed cyberattacks began impacting its systems on Friday night. Beginning Saturday and rolling into Sunday itermittently, shoppers were unable to place orders or track deliveries. The incident also impacted the Tesco app.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks can come from myriad sources but they all cause companies to lose revenue and suffer a negative impact on customer relationships.
Switzerland – MCH Group
https://portswigger.net/daily-swig/swiss-exhibitions-organizer-mch-group-hit-by-cyber-attackExploit: Ransomware
MCH Group: Event Management
Risk to Business: 2.763 = Moderate
Swiss events management company MCH Group was hit with a suspected ransomware attack late last week that resulted in operational disruption. the company said that it’s back online, upcoming events will not be impacted and it’s in the process of investigating the attack. MCH Group handles events including the Art Basel shows in Basel, Miami Beach, and Hong Kong, as well as the watch and jewellery show Baselworld.
Customers Impacted: Unknown
How it Could Affect Your Business: Service providers have been popular targets for cyberattacks because they often maintain databases that will score a big payday for cybercriminals on the dark web.
Spain – Atento
https://www.zdnet.com/article/customer-services-firm-atento-hit-by-cyberattack/Exploit: Hacking
Atento: Customer Service Center Operator
Risk to Business: 1.615 = Severe
Customer support giant Atento was hit by a cyberattack on it’s Brazil-based systems that primarily impacted it’s operations in South America. The company disclosed a business interruption in Brazil as it sought to contain and mitigate the attack. Operations ahve been fully restored. Brazil is one of Atento’s main global markets, and more than 45% of the company’s global workforce is in that location.
Customers Impacted: Unknown
How it Could Affect Your Business: Brazil has been experiencing an uptick in cyberattacks in recent months including insurers, retailers an other businesses that store a large volume of data.
Taiwan – Gigabyte
https://threatpost.com/gigabyte-avoslocker-ransomware-gang/175642/Exploit: Ransomware
Gigabyte: Computer Hardware Manufacturer
Risk to Business: 1.631 = Severe
Motherboard manufacturer Gigabyte was clobbered with a ransomware attack last week The ransomware group Avos Locker clobbered the company in a SolarWinds-style supply chain attack. The gang posted samples of the purportedly stolen dataon its leak site including confidential details regarding deals with third-party companies and identifiable information about employees. Researchers from ThreatPost were able to view an assortment of data in a 14.9 MB file entitled “proof.zip”containing confidentail data on agreements with Gigabyte relationships including Amazon, BestBuy, Black Magic, Blizzard, Intel and Kingston.
Risk to Business: 1.6808 = Severe
Researchers also noted that some emoloyee and applicant information is included in that file. Researchers spotted employee payroll details, passport scans CVs of applicants, human resources files, consulting agreements, credit card data from 2014 and images from company events.
How it Could Affect Your Business: Computer hardware manufacturers have been very attractive to hacers as teh chip shortage grinds on, putting pressure on the industry, something cybercriminals love to exploit.
Sinclair Broadcast Group
https://thecyberwire.com/newsletters/week-that-was/5/42Exploit: Ransomware
Sinclair Broadcast Group: Television Station Operator
Risk to Business: 1.227 = Extreme
Sinclair Broadcast Group, the operator of 184 tv stations in 86 US markets, experienced a cyberattack last week that knocked broadcasts offline. The disruption was extensive, knocking local news broadcasts and syndicated programs offline. In some markets, NFL Sunday broadcasts were also disrupted. An unspecified amount of data was also stolen from the company’s network.
Customers Impacted: Unknown
How It Could Affect Your Business: Locking down networks and production lines to cause operational disruption is the name of the game for many ransomware groups in order to force a speedy ransom payment.
Ferrara Candy Company
https://www.forestparkreview.com/2021/10/22/candy-production-impacted-by-ransomware-attack/
Exploit: RansomwareFerrara Candy Company: Candy Manufacturer
Risk to Business: 1.822=Severe
Boo! Greedy cybercriminals unleashed their tricks on Ferrara Candy Company just one week away from Halloween. The company, maker of Brach’s Candy Corn, Nerds and Trolli gummies among other treats, has been in the confectionary business since 1901. Ferrara said that the attack briefly disrupted production operations. However, they were quick to assure anxious consumers that they didn’t need to worry about missing their Halloween favorites – Halloween orders were shipped to stores in August.
Customers Impacted: Unknown
How It Could Affect Your Business: Manufacturers have been increasingly falling into cybercriminals’ sights, especially at peak times in their respective industries.
United States – CoinMarketCap
https://www.cryptodaily.co.uk/2021/10/CoinMarketCap-Data-Breach-Leaks-3-1-M-Email-AddressesExploit: Hacking
CoinMarketCap: Cryptoasset Tracker
Risk to Business: 1.702=Severe
Crypto evaluator CoinMarketCap has had a data leak. First reported by Have I Been Pwned, cybercrime researchers have discovered 3.1 million user email addresses from the site available on the dark web. The company initially denied the hack but ultimately owned up to the security blunder.
Customers Impacted: Unknown
How It Could Affect Your Business: Attacks on the banking, crypto and fintech sectors have been growing, creating complications for every financial services organization.
United Kingdom – Tesco
https://www.bbc.com/news/business-59027423Exploit: Hacking
Tesco: Supermarket Chain
Risk to Business: 2.115=Extreme
Ubiquitous UK supermarket cain Tesco left customers scrambling after a cyberattack disrupted its web services over the weekend.The company said that unnamed cyberattacks began impacting its systems on Friday night. Beginning Saturday and rolling into Sunday itermittently, shoppers were unable to place orders or track deliveries. The incident also impacted the Tesco app.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks can come from myriad sources but they all cause companies to lose revenue and suffer a negative impact on customer relationships.
Switzerland – MCH Group
https://portswigger.net/daily-swig/swiss-exhibitions-organizer-mch-group-hit-by-cyber-attackExploit: Ransomware
MCH Group: Event Management
Risk to Business: 2.763 = Moderate
Swiss events management company MCH Group was hit with a suspected ransomware attack late last week that resulted in operational disruption. the company said that it’s back online, upcoming events will not be impacted and it’s in the process of investigating the attack. MCH Group handles events including the Art Basel shows in Basel, Miami Beach, and Hong Kong, as well as the watch and jewellery show Baselworld.
Customers Impacted: Unknown
How it Could Affect Your Business: Service providers have been popular targets for cyberattacks because they often maintain databases that will score a big payday for cybercriminals on the dark web.
Spain – Atento
https://www.zdnet.com/article/customer-services-firm-atento-hit-by-cyberattack/Exploit: Hacking
Atento: Customer Service Center Operator
Risk to Business: 1.615 = Severe
Customer support giant Atento was hit by a cyberattack on it’s Brazil-based systems that primarily impacted it’s operations in South America. The company disclosed a business interruption in Brazil as it sought to contain and mitigate the attack. Operations ahve been fully restored. Brazil is one of Atento’s main global markets, and more than 45% of the company’s global workforce is in that location.
Customers Impacted: Unknown
How it Could Affect Your Business: Brazil has been experiencing an uptick in cyberattacks in recent months including insurers, retailers an other businesses that store a large volume of data.
Taiwan – Gigabyte
https://threatpost.com/gigabyte-avoslocker-ransomware-gang/175642/Exploit: Ransomware
Gigabyte: Computer Hardware Manufacturer
Risk to Business: 1.631 = Severe
Motherboard manufacturer Gigabyte was clobbered with a ransomware attack last week The ransomware group Avos Locker clobbered the company in a SolarWinds-style supply chain attack. The gang posted samples of the purportedly stolen dataon its leak site including confidential details regarding deals with third-party companies and identifiable information about employees. Researchers from ThreatPost were able to view an assortment of data in a 14.9 MB file entitled “proof.zip”containing confidentail data on agreements with Gigabyte relationships including Amazon, BestBuy, Black Magic, Blizzard, Intel and Kingston.
Risk to Business: 1.6808 = Severe
Researchers also noted that some emoloyee and applicant information is included in that file. Researchers spotted employee payroll details, passport scans CVs of applicants, human resources files, consulting agreements, credit card data from 2014 and images from company events.
How it Could Affect Your Business: Computer hardware manufacturers have been very attractive to hacers as teh chip shortage grinds on, putting pressure on the industry, something cybercriminals love to exploit.
What You Should Know if Your Business Is Targeted by Ransomware
It may not be news to you that ransomware is on the rise, but the numbers may leave you shocked. In 2020 alone, there were close to 300 million ransomware attacks worldwide.1 The cost of ransom payments demanded by hackers are also increasing in tandem with the increase in attacks. According to a recent projection, the global annual cost of ransomware attacks will touch $20 billion by the end of 2021.2Offerings like ransomware-as-a-service have made it easier for criminals with little technical knowledge to become threat actors. These attackers are less predictable and seem to lack a code of ethics. For example, groups in the past had lists of organizations they wouldn’t attack, such as cancer treatment facilities. That’s often not the case anymore.
A ransomware attack can affect any organization, regardless of size or industry. However, SMBs are the most vulnerable since cybercriminals count on these businesses to lack the resources to battle cybercrime or the IT teams to frequently evaluate cybersecurity measures. Even though SMBs continue to be disproportionately affected by these nefarious attacks, reporting and notifications rarely make the news unless a huge corporation experiences a breach.
With ransomware expected to hit businesses every 11 seconds2, always remember that it isn’t a question of IF but rather WHEN your business will come under attack. Keep in mind that with the right security solutions and measures in place, your business won’t have to experience a devastating breach. But first, there are a few things you should know if you experience a ransomware attack.
Before Reacting to a Ransomware Attack, Remember:
- The FBI advises against paying a ransom because spending money does not guarantee the hackers will share the keys to decrypt your data. While the FBI is an American organization, they raise a good point for businesses all across the globe.
It doesn’t make any sense to place your trust in cybercriminals who have already demonstrated that they aren’t afraid to break the law and take advantage of you for financial gain. However, many businesses find themselves in this situation because they don’t have sufficient security, backup or compliance measures, and are desperate to get their data back.
Keep in mind that another reason the FBI advises against giving in to ransomware demands is that you are encouraging criminals to conduct further attacks. If nobody ever paid ransom, it’s likely there wouldn’t be as many ransomware attacks. Criminals would have to find new ways to make money and would disregard ransomware as a viable venture.
- In case you fall victim to a ransomware attack and have no option other than paying, “ransomware negotiators” are available for hire.
In ransomware negotiations, the most crucial moment occurs long before the victim and hackers discuss the ransom. This is because by the time both sides start to discuss, hackers have already gained considerable control over the organization’s network by encrypting access to sensitive business data and other digital assets. The more data they encrypt, the greater the negotiating power they have.
So, even before you begin negotiations, you need to know how much data has been compromised and what negotiating methods have been employed in the past by the criminals. Professional ransomware negotiators can help at this stage. Although a ransomware negotiation rarely results in a ransom demand being totally withdrawn, it can significantly bring down the asking price.
- Victims of ransomware should expect the following:
- The data will not be erased in a trustworthy manner. It will be sold, improperly handled or stored for future extortion attempts.
- Multiple parties would have handled the exfiltrated data, making it insecure. Even if the hacker deletes a large portion of the data once the ransom is paid, other parties who had access to it may have made duplicates to make payment demands later.
- Before a victim can respond to an extortion attempt, the data may get leaked either intentionally or inadvertently.
- Even if the threat actor explicitly promises to release the encrypted data after payment, they may not keep their word.
Make Your Move Before It’s Too Late
You’re probably wondering what steps you can take right now to combat the menace of ransomware targeting vulnerable systems. Our best recommendation is layered security.
Since no security technology or measure is flawless or guaranteed, layered security assumes that attackers will infiltrate different layers of an organization's defenses or have already done so. The goal of this approach is to provide multiple security measures so that if an attack gets past one security tool, there are others in place to help identify and stop the attack before your data is stolen.
If the idea of protecting your business is overwhelming, don’t worry. You don’t have to do it alone. Collaborate with an experienced partner like us to do the heavy lifting for you. Our cybersecurity expertise and knowledge will help you pave the way to a more secure future.
Sources:
- Statista
- Cybersecurity Ventures
What You Should Know if Your Business Is Targeted by Ransomware
It may not be news to you that ransomware is on the rise, but the numbers may leave you shocked. In 2020 alone, there were close to 300 million ransomware attacks worldwide.1 The cost of ransom payments demanded by hackers are also increasing in tandem with the increase in attacks. According to a recent projection, the global annual cost of ransomware attacks will touch $20 billion by the end of 2021.2 Offerings like ransomware-as-a-service have made it easier for criminals with little technical knowledge to become threat actors. These attackers are less predictable and seem to lack a code of ethics. For example, groups in the past had lists of organizations they wouldn’t attack, such as cancer treatment facilities. That’s often not the case anymore.
A ransomware attack can affect any organization, regardless of size or industry. However, SMBs are the most vulnerable since cybercriminals count on these businesses to lack the resources to battle cybercrime or the IT teams to frequently evaluate cybersecurity measures. Even though SMBs continue to be disproportionately affected by these nefarious attacks, reporting and notifications rarely make the news unless a huge corporation experiences a breach.
With ransomware expected to hit businesses every 11 seconds2, always remember that it isn’t a question of IF but rather WHEN your business will come under attack. Keep in mind that with the right security solutions and measures in place, your business won’t have to experience a devastating breach. But first, there are a few things you should know if you experience a ransomware attack.
Before Reacting to a Ransomware Attack, Remember:
- The FBI advises against paying a ransom because spending money does not guarantee the hackers will share the keys to decrypt your data. While the FBI is an American organization, they raise a good point for businesses all across the globe.
Keep in mind that another reason the FBI advises against giving in to ransomware demands is that you are encouraging criminals to conduct further attacks. If nobody ever paid ransom, it’s likely there wouldn’t be as many ransomware attacks. Criminals would have to find new ways to make money and would disregard ransomware as a viable venture.
- In case you fall victim to a ransomware attack and have no option other than paying, “ransomware negotiators” are available for hire.
So, even before you begin negotiations, you need to know how much data has been compromised and what negotiating methods have been employed in the past by the criminals. Professional ransomware negotiators can help at this stage. Although a ransomware negotiation rarely results in a ransom demand being totally withdrawn, it can significantly bring down the asking price.
- Victims of ransomware should expect the following:
- The data will not be erased in a trustworthy manner. It will be sold, improperly handled or stored for future extortion attempts.
- Multiple parties would have handled the exfiltrated data, making it insecure. Even if the hacker deletes a large portion of the data once the ransom is paid, other parties who had access to it may have made duplicates to make payment demands later.
- Before a victim can respond to an extortion attempt, the data may get leaked either intentionally or inadvertently.
- Even if the threat actor explicitly promises to release the encrypted data after payment, they may not keep their word.
Make Your Move Before It’s Too Late
You’re probably wondering what steps you can take right now to combat the menace of ransomware targeting vulnerable systems. Our best recommendation is layered security.
Since no security technology or measure is flawless or guaranteed, layered security assumes that attackers will infiltrate different layers of an organization's defenses or have already done so. The goal of this approach is to provide multiple security measures so that if an attack gets past one security tool, there are others in place to help identify and stop the attack before your data is stolen.
If the idea of protecting your business is overwhelming, don’t worry. You don’t have to do it alone. Collaborate with an experienced partner like us to do the heavy lifting for you. Our cybersecurity expertise and knowledge will help you pave the way to a more secure future.
Sources:
- Statista
- Cybersecurity Ventures