InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Major breaches at two medical service providers are sending shockwaves throughout the industry. A new email security report from Graphus shows massive cybercrime increases. Plus, government entities around the world have another bad week and a look at how to protect your clients from ransomware attacks targeting infrastructure like this week’s Colonial Pipeline disaster including who should be beefing up security to stay safe from cybercrime.
Risk to Business:Â 1.607= Severe
A reported ransomware attack on MedNetwoRX has impeded medical providers’ access to their Aprima electronic health record systems for more than two weeks. This hack impacts medical practices, clinics and hospitals of all sizes, from solo providers to conglomerates that rely on MedNetworx to host the Aprima electronic medical records system from vendor CompuGroup eMDs. MedNetworx says that on April 22, it experienced a network outage that resulted in a temporary disruption to its servers and other IT systems. Two major clients, Arthritis & Osteoporosis Center of Kentucky, the Alpine Center for Diabetes, Endocrinology and Metabolism, have been identified as victims as well as many small single and partner practices. The incident is under investigation and some functionality has been restored.
Individual Impact:Â No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.
Customers Impacted:Â Unknown
How It Could Affect Your Business: This is the kind of third-party service provider incident that reverberates for months as rolling damage becomes apparent. With no clear word on what if any data was stolen, your clients could be waiting for a nasty surprise.
Risk to Business:Â 1.722= Severe
The city of Tulsa, Oklahoma, has been hit by a ransomware attack that affected the city government’s network and brought down official websites. The attack, which took place on the night between Friday and Saturday, is under investigation and city IT crews have begun restoring functionality and data from backups. This follows a string of ransomware attacks on other US municipalities in recent weeks. City officials were careful to note that no customer information has been compromised, but residents will see delays in-network services. While emergency response is not hampered, 311, some credit card payment systems and the city’s new online utility billing system were impacted.
Individual Impact:Â No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.
Customers Impacted:Â Unknown
How it Could Affect Your Business:Â Ransomware has been an especially nasty foe for government entities, especially cities and towns. Cybercriminals know that these targets are likely to pay ransoms and unlikely to have strong security or security awareness training in place.
Risk to Business:Â 1.523 = Severe
The Fermilab physics laboratory has taken action to lock down its systems after security researchers found weaknesses exposing documents, proprietary applications, personal information, project details and credentials. Fermilab, which is part of the US Department of Energy, is a world-famous particle accelerator and physics laboratory in Batavia, Illinois. One database the researchers discovered allowed unauthenticated access to 5,795 documents and 53,685 file entries. One entry point led into Fermilab’s IT ticketing system, which displayed 4,500 trouble tickets. Also found was an FTP server that required no password and allowed anyone to log in anonymously. Other impacted systems exposed credentials, experiment data and other proprietary information that were stored with no security.
Individual Impact:Â No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.
Customers Impacted:Â Unknown
How it Could Affect Your Business: Proprietary data needs to be stored securely. Not only does it give your competition an edge if they can see what you’re doing, but it also gives cybercriminals an edge when they’re crafting a cyberattack against your company.
Risk to Business:Â 1.668 = Severe
Someone who runs training programs may need to upgrade their security awareness training. Defense contractor BlueForce has been hit by the Conti ransomware group. The gang posted data from the operation on its leak site along with supposed chat records from its negotiation with BlueForce. The Conti gang has demanded 17 bitcoin for the decryption key. BlueForce is a Virginia-based defense veteran-owned contractor that works with the US Department of Defense and the US Department of State on program management, training and development initiatives.
Individual Impact:Â No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.
Customers Impacted:Â Unknown
How it Could Affect Your Business: Increased security awareness training makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.
Risk to Business:Â 1.907 = Severe
Texas-based CaptureRx, fell victim to a ransomware attack in which cybercriminals snatched files containing the personal health information (PHI) of more than 24,000 individuals. The security breach impacted 17,655 patients of Faxton St. Luke’s Healthcare and a further 6,777 patients at Gifford Health Care as well as an indeterminate number of Thrifty Drug Store patients. CaptureRx is currently unclear how many of its healthcare provider clients have been affected by the attack. Nor has the company finished its final tally of how many individuals had their PHI exposed because of the incident.
Risk to Business:Â 1.959 = Severe
Data exposed and stolen by the ransomware attackers included names, dates of birth, prescription information, and, for a limited number of patients, medical record numbers. Affected healthcare provider clients were notified of the incident by CaptureRx between March 30 and April 7.
Customers Impacted: 24K +
How it Could Affect Your Business: The medical sector has been absolutely battered by ransomware in the last 12 months. Breaches at service providers like this and Accellion show that cybercriminals are playing smart by hitting targets that offer them access to a variety of information that has value for future attacks.
Risk to Business:Â 1.572 = Severe
The Alaska Court System (ACS) was forced to temporarily disconnect its online servers this week due to a cyberattack that installed malware on their systems, disrupting virtual court hearings. The court’s website had been taken offline and the ability to search court cases had been suspended while it worked to remove malware that had been installed on its servers. Activities that may be impacted by the ACS taking its website offline include the ability of the public to view court hearings over Zoom, online bail payments, submitting juror questionnaires and sending or receiving emails to or from an ACS email address.
Individual Impact:Â No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted:Â Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for cybercrime especially against local, state and municipal governments with often weak or outmoded IT departments.
Risk to Business:Â 2.109 = Severe
The ransomware group Avaddon is threatening to release a trove of sensitive information including images of passports, driver’s licenses and employment contracts from a ransomware hit on the NSW Labor Party. The cybercriminals have demanded a response to its ransom request within 240 hours and threatened to launch a denial of service attack against the party if it did not pay. NSW Police has come on board in the investigation.
Individual Impact:Â No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted:Â Unknown
How it Could Affect Your Business: Ransomware is the modern cybercriminal’s weapon of choice. Make sure your clients are taking every possible precaution because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.
Risk to Business:Â 2.307 = Severe
Melbourne-based Schepisi Communications has been the victim of a suspected ransomware attack. The company’s website has been offline for days after a hacker group said it infiltrated the company’s data systems and posted a disturbing ransom note on the dark web. The company is a service provider for Telstra that supplies phone numbers and cloud storage services. Among Schepisi’s other customers that appeared to have had their information exposed were global food conglomerate Nestle, a Melbourne radio station, an Australian property management firm, and a financial services company based in Victoria.
Individual Impact:Â No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted:Â Unknown
How it Could Affect Your Business: Malware and ransomware have been the plague of increasingly beleaguered service providers.
Risk to Business:Â 1.817 = Severe
Legendary cybercrime gang ShinyHunters has dumped a database belonging to WedMeGood, a popular Indian wedding planning platform. WedMeGood is yet to verify the data breach. Dark web analysts say that the database contains 41.5 GB worth of data. Lately, the hacking group has been focusing on leaking databases of Indian entities.
Risk to Business:Â 1.773 = Severe
Impacted users have had PII exposed including full names, city, gender, phone numbers, email addresses, password hashes, booking leads, last login date, account creation date, Facebook unique ID numbers, vacation descriptions for Airbnb and other wedding details. Site users will want to be aware of the potential of spear-phishing attacks using this data.
Customers Impacted:Â Unknown
How it Could Affect Your Business: Ransomware attacks have been especially prevalent against targets in India recently. Every organization in the sector should step up phishing resistance training to reduce the chance of falling prey to an attack.
Many SMBs operate with a sense of unrealistic optimism when it comes to data loss and disaster recovery. However, the reality can be quite different and can negatively affect your business if you’re not vigilant. As the rate of digitalization increases, so does the risk of data loss. Can your business afford a data-loss incident?
It doesn’t matter if data loss happens because of human error, cyberattack or natural disaster. It can have far-reaching consequences such as:
Severe downtime: For SMBs, per-hour downtime costs vary from $10,000 to $50,000.1
Damage to reputation: One-third of customers will end their association with a business following a severe data loss.2
Regulatory penalties: Failure to protect data can draw penalties worth 2% to 4% or more of company turnover.3
Permanent closure: Some businesses are unable to recover from an incident and close permanently.
Prioritizing backup and disaster recovery for your business is very important. A comprehensive backup and disaster recovery solution provides secure, uninterrupted backup and quick data recovery — with a cloud-based architecture that ensures the business runs seamlessly in the event of a disaster.
Key Terms Used in Backup and Disaster Recovery
The following terms will give you an idea about the type of actions and processes you should aim to implement within your business:
Minimum Business Continuity Objective (MBCO)
MBCO signifies the minimum level of output needed after severe disruption to achieve business objectives.
Maximum Tolerable Period of Disruption (MTPD)
MTPD is the duration after which the impact on a business caused by minimal or zero output becomes intolerably severe.
Recovery Time Objective (RTO)
RTO is the time it takes before employees can start working after a data-loss event. It’s usually measured in minutes.
Recovery Point Objective (RPO)
RPO is the amount of work that can be lost and will need to be done again after a data-loss event. It’s usually measured in seconds.
Deploy Backup and Disaster Recovery Today
Having an effective backup and disaster recovery solution provides several benefits. Here are the top six:
Stay protected against natural disasters
The first half of 2020 alone had close to 200 reported natural disasters. While it’s impossible to stop a natural disaster, you can ensure your data is protected and take the necessary measures to prevent downtime.
Minimize the impact of a cyberattack
With the rate of cyberattacks going through the roof and with SMBs being a constant target of attacks, it is essential to have a robust backup and disaster recovery solution to protect your business.
Safeguard sensitive data
If your business handles sensitive data like Personally Identifiable Information (PII), measures should be taken to ensure it never ends up in the wrong hands. Safeguarding all critical data can build your business’s reputation and prevent regulatory penalties.
Quick recovery
It doesn’t matter how disaster strikes. What matters is how quickly your business bounces back. A good backup and disaster recovery solution helps you get up and running as soon as possible.
Reduce the impact of human error
From accidental or intentional misdelivery or deletion to corruption of data, employees can pose a security threat to your business. Deploying backup and disaster recovery is, therefore, crucial. You must also train your employees on the difference between acceptable and unacceptable behavior.
Tackle system failure
Unexpected system failure can lead to downtime if you don’t equip your business with backup and disaster recovery.
Remember, it’s your responsibility to protect your business from data loss and its chaotic aftereffects. If you can’t handle this alone, don’t worry. We’re here for you. With our backup and disaster recovery solutions, we can help build a resilient strategy to protect your business against data loss and give you much-needed peace of mind in the event of a disaster.
Many SMBs operate with a sense of unrealistic optimism when it comes to data loss and disaster recovery. However, the reality can be quite different and can negatively affect your business if you’re not vigilant. As the rate of digitalization increases, so does the risk of data loss. Can your business afford a data-loss incident?
It doesn’t matter if data loss happens because of human error, cyberattack or natural disaster. It can have far-reaching consequences such as:
Severe downtime: For SMBs, per-hour downtime costs vary from $10,000 to $50,000.1
Damage to reputation: One-third of customers will end their association with a business following a severe data loss.2
Regulatory penalties: Failure to protect data can draw penalties worth 2% to 4% or more of company turnover.3
Permanent closure: Some businesses are unable to recover from an incident and close permanently.
Prioritizing backup and disaster recovery for your business is very important. A comprehensive backup and disaster recovery solution provides secure, uninterrupted backup and quick data recovery — with a cloud-based architecture that ensures the business runs seamlessly in the event of a disaster.
Key Terms Used in Backup and Disaster Recovery
The following terms will give you an idea about the type of actions and processes you should aim to implement within your business:
Minimum Business Continuity Objective (MBCO)
MBCO signifies the minimum level of output needed after severe disruption to achieve business objectives.
Maximum Tolerable Period of Disruption (MTPD)
MTPD is the duration after which the impact on a business caused by minimal or zero output becomes intolerably severe.
Recovery Time Objective (RTO)
RTO is the time it takes before employees can start working after a data-loss event. It’s usually measured in minutes.
Recovery Point Objective (RPO)
RPO is the amount of work that can be lost and will need to be done again after a data-loss event. It’s usually measured in seconds.
Deploy Backup and Disaster Recovery Today
Having an effective backup and disaster recovery solution provides several benefits. Here are the top six:
Stay protected against natural disasters
The first half of 2020 alone had close to 200 reported natural disasters. While it’s impossible to stop a natural disaster, you can ensure your data is protected and take the necessary measures to prevent downtime.
Minimize the impact of a cyberattack
With the rate of cyberattacks going through the roof and with SMBs being a constant target of attacks, it is essential to have a robust backup and disaster recovery solution to protect your business.
Safeguard sensitive data
If your business handles sensitive data like Personally Identifiable Information (PII), measures should be taken to ensure it never ends up in the wrong hands. Safeguarding all critical data can build your business’s reputation and prevent regulatory penalties.
Quick recovery
It doesn’t matter how disaster strikes. What matters is how quickly your business bounces back. A good backup and disaster recovery solution helps you get up and running as soon as possible.
Reduce the impact of human error
From accidental or intentional misdelivery or deletion to corruption of data, employees can pose a security threat to your business. Deploying backup and disaster recovery is, therefore, crucial. You must also train your employees on the difference between acceptable and unacceptable behavior.
Tackle system failure
Unexpected system failure can lead to downtime if you don’t equip your business with backup and disaster recovery.
Remember, it’s your responsibility to protect your business from data loss and its chaotic aftereffects. If you can’t handle this alone, don’t worry. We’re here for you. With our backup and disaster recovery solutions, we can help build a resilient strategy to protect your business against data loss and give you much-needed peace of mind in the event of a disaster.
Cybercriminals work round the clock to detect and exploit vulnerabilities in your business’ network for nefarious gains. The only way to counter these hackers is by deploying a robust cybersecurity posture that’s built using comprehensive security solutions. However, while you’re caught up doing this, there is a possibility you may overlook mitigating the weakest link in your fight against cybercriminals — your employees.
With remote work gaining traction and decentralized workspaces becoming the new norm, businesses like yours must strengthen their cybersecurity strategies to counter human errors and data breaches perpetrated by malicious insiders. All employees, irrespective of their designation/rank, can expose your business vulnerabilities to cybercriminals.
Implementing routine security awareness training for employees can help you prevent a vulnerability from escalating into a disaster. As the first line of defense against cyberattacks, your employees must be thoroughly and regularly trained to identify and deflate potential cyberthreats.
Why Employees Pose a Risk to Businesses?
According to IBM’s Cost of a Data Breach Report 2020, 23 percent of data breaches in an organization occurred because of human error. An untrained employee can compromise your business’ security in multiple ways. Some of the most common errors committed by employees include:
Falling for phishing scams: With the onset of COVID-19, hackers masquerading as the World Health Organization (WHO) tricked people into clicking on malicious links and sharing sensitive information. Cybercriminals are using improved techniques, like spoofed emails and text messages, to propagate the ongoing scam. Your employees must be well-trained to counter it.
Bad password hygiene: A section of your employees might reuse the same password or a set of passwords for multiple accounts (business and personal), which is a dangerous habit that allows cybercriminals to crack your business’ network security.
Misdelivery: Even slight carelessness can lead to an employee sending sensitive, business-critical information to a hacker. Such an act can cause lasting damage to your business, which is why you must be prepared to counter it.
Inept patch management: Often, employees can delay the deployment of a security patch sent to their device, which can lead to security vulnerabilities in your business’ IT security left unaddressed.
The bottom line is that with cybercriminals upgrading their arsenal every day and exploring a plethora of options to trap your employees, security awareness training has become more important than ever before.
Security Awareness Training: An Essential Investment
A one-time training program will neither help your employees repel cyberthreats nor help your business develop a security culture. To deal with the growing threat landscape, your employees need thorough and regular security awareness training.
You must never back out of providing continual security awareness training to your employees just because of the time and money you need to invest in it. The return on investment will be visible in the form of better decision-making employees who efficiently respond in the face of adversity, ultimately saving your business from data breaches, damage to reputation and potentially expensive lawsuits. The following statistics highlight why you must deploy regular security awareness training and consider it a necessary investment:
Eighty percent of organizations experience at least one compromised account threat per month. 1
Sixty-seven percent of data breaches result from human error, credential theft or social attack. 2
Since the start of the COVID-19 pandemic, phishing attacks have gone up by 67 percent. 3
Expecting your employees to train themselves on how to detect and respond to cyberthreats certainly isn’t the best way to deal with an ever-evolving threat landscape. You must take on the responsibility of providing regular training to your employees to ensure you adequately prepare them to identify and ward off potential cyberattacks.
Every employee must realize that even a minor mistake can snowball into a terrible security disaster for the company. They need to understand that your business’ cybersecurity is also their responsibility.
You can transform your business’ biggest cybersecurity risk – your employees – into its prime defense against threats by developing a security culture that emphasizes adequate and regular security awareness training.
Making all this happen will require continued effort and may seem like an uphill climb, but with the right partner by your side, you can easily integrate security awareness training into your business’ cybersecurity strategy. The first step towards training and empowering your employees starts with an email to us. Feel free to get in touch anytime.
  Article curated and used by permission. Â
Sources:
Cybercriminals work round the clock to detect and exploit vulnerabilities in your business’ network for nefarious gains. The only way to counter these hackers is by deploying a robust cybersecurity posture that’s built using comprehensive security solutions. However, while you’re caught up doing this, there is a possibility you may overlook mitigating the weakest link in your fight against cybercriminals — your employees.
With remote work gaining traction and decentralized workspaces becoming the new norm, businesses like yours must strengthen their cybersecurity strategies to counter human errors and data breaches perpetrated by malicious insiders. All employees, irrespective of their designation/rank, can expose your business vulnerabilities to cybercriminals.
Implementing routine security awareness training for employees can help you prevent a vulnerability from escalating into a disaster. As the first line of defense against cyberattacks, your employees must be thoroughly and regularly trained to identify and deflate potential cyberthreats.
Why Employees Pose a Risk to Businesses?
According to IBM’s Cost of a Data Breach Report 2020, 23 percent of data breaches in an organization occurred because of human error. An untrained employee can compromise your business’ security in multiple ways. Some of the most common errors committed by employees include:
Falling for phishing scams: With the onset of COVID-19, hackers masquerading as the World Health Organization (WHO) tricked people into clicking on malicious links and sharing sensitive information. Cybercriminals are using improved techniques, like spoofed emails and text messages, to propagate the ongoing scam. Your employees must be well-trained to counter it.
Bad password hygiene: A section of your employees might reuse the same password or a set of passwords for multiple accounts (business and personal), which is a dangerous habit that allows cybercriminals to crack your business’ network security.
Misdelivery: Even slight carelessness can lead to an employee sending sensitive, business-critical information to a hacker. Such an act can cause lasting damage to your business, which is why you must be prepared to counter it.
Inept patch management: Often, employees can delay the deployment of a security patch sent to their device, which can lead to security vulnerabilities in your business’ IT security left unaddressed.
The bottom line is that with cybercriminals upgrading their arsenal every day and exploring a plethora of options to trap your employees, security awareness training has become more important than ever before.
Security Awareness Training: An Essential Investment
A one-time training program will neither help your employees repel cyberthreats nor help your business develop a security culture. To deal with the growing threat landscape, your employees need thorough and regular security awareness training.
You must never back out of providing continual security awareness training to your employees just because of the time and money you need to invest in it. The return on investment will be visible in the form of better decision-making employees who efficiently respond in the face of adversity, ultimately saving your business from data breaches, damage to reputation and potentially expensive lawsuits. The following statistics highlight why you must deploy regular security awareness training and consider it a necessary investment:
Eighty percent of organizations experience at least one compromised account threat per month. 1
Sixty-seven percent of data breaches result from human error, credential theft or social attack. 2
Since the start of the COVID-19 pandemic, phishing attacks have gone up by 67 percent. 3
Expecting your employees to train themselves on how to detect and respond to cyberthreats certainly isn’t the best way to deal with an ever-evolving threat landscape. You must take on the responsibility of providing regular training to your employees to ensure you adequately prepare them to identify and ward off potential cyberattacks.
Every employee must realize that even a minor mistake can snowball into a terrible security disaster for the company. They need to understand that your business’ cybersecurity is also their responsibility.
You can transform your business’ biggest cybersecurity risk – your employees – into its prime defense against threats by developing a security culture that emphasizes adequate and regular security awareness training.
Making all this happen will require continued effort and may seem like an uphill climb, but with the right partner by your side, you can easily integrate security awareness training into your business’ cybersecurity strategy. The first step towards training and empowering your employees starts with an email to us. Feel free to get in touch anytime.
  Article curated and used by permission.Â
Sources:
InTegriLogic is proud to announce the launch of our new website at www.integrilogic.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...
