Cyber Risk Governance Insights | April 22, 2024
Sean Mahoney
Cyber Resilience | Cyber Risk Management | Speaker & Podcaster | Protector Against Ransomware
WEEK IN HEADLINES
HEALTHCARE - Provider To Take ~$1.6 B Hit Following Attack
UnitedHealth (UNH) estimates that the Change Healthcare cyberattack could cost up to $1.6 billion this year. The costs arise from direct response efforts, higher medical costs after suspending some utilization management processes, and loss of Change’s revenue. In Q1 alone, the cyberattack cost UnitedHealth $872 million.
SOFTWARE - Savvy Users Fall Prey to Sophisticated Phishing
LastPass users have been targeted by a sophisticated phishing campaign that used email, SMS, and voice calls to trick users into revealing their master passwords. The attackers used an advanced phishing-as-a-service kit called CryptoChameleon, which was designed to trick even savvy individuals into believing the communications were legitimate.
TRANSPORTATION - Dozens of Fake Websites Found Following FBI Warning
Cybersecurity researchers have discovered nearly 30 phishing websites impersonating the electronic toll collection service E-ZPass, following an FBI warning about smishing attacks targeting road toll collection services. The scam involves sending fake text messages to victims, claiming they have an outstanding balance on their toll account and directing them to a hacker-controlled website to settle the balance.
INFRASTRUCTURE - Rural Texas Towns Targeted, Causes Water System Overflow
A series of cyberattacks on small towns in rural Texas, which caused one town’s water system to overflow, has been linked to a shadowy Russian hacktivist group. The attacks were swiftly addressed, and public safety was not compromised. The group, known as CyberArmyofRussia_Reborn, is suspected of having ties to the Russian government.
FINANCIAL SERVICES - Novel Malware Targets Banking Users
A new banking Trojan, dubbed ‘SoumniBot’, is targeting Korean users using obfuscation techniques that exploit vulnerabilities in the Android manifest. The malware initiates a malicious service, conceals its icon to hinder removal, and begins surreptitiously uploading sensitive data from the victim’s device to a designated server. It also has the capability to search for and exfiltrate digital certificates used by Korean banks for online banking services.
TELECOMMUNICATIONS - Provider Shuts Down Systems to Battle Cyberattack
Frontier Communications, a leading U.S. telecom provider, has been hit by a cyberattack, forcing the company to shut down some of its IT systems. The breach, likely carried out by a cybercrime group, resulted in unauthorized access to personally identifiable information.
DATA PROCESSING - KYC Database Stolen and Leak Threatened
The World-Check database, used by businesses to verify user trustworthiness, has been stolen by cybercriminals from the GhostR group. The database, which includes information on undesirables such as terrorists, money launderers, and political figures, is used for Know Your Customer (KYC) checks. The group threatens to leak all 5 million records, including details on thousands of individuals, such as "royal family members".
INSIGHTS & EXPERT PERSPECTIVES
RISK MANAGEMENT - Navigating Uncertainty: ERM Maturity Levels
The 2023 State of Risk Oversight Report, a joint initiative by the AICPA and North Carolina State University (NCSU) Poole College of Management, provides a comprehensive overview of enterprise risk management practices across various industries. The report, based on insights from business leaders, addresses key aspects of risk management, including drivers for enhanced risk management, overall risk management maturity, the strategic value of ERM, leadership, identification and assessment, monitoring, and board structures. A growing area of focus is the impact of culture on risk management, particularly as organizations review and implement policies regarding sustainability and diversity, equity, and inclusion (DEI).
A recent article from The Institute of Internal Auditors discusses the importance of assessing Enterprise Risk Management (ERM) maturity levels and the role of internal auditors as advocates for ERM. The article emphasizes the need for organizations to understand that a mature ERM system can help them better achieve their strategic planning objectives.
INSIGHT: While the AICPA Report emphasizes the importance of a mature ERM system, it’s notable that the implementation of such systems can be resource-intensive or, more likely, not feasible for all organizations, especially SMEs. Some Risk Pros believe that organizations should also focus on building resilience and the ability to respond effectively when risks materialize.
Others, like Norman Marks, argue that traditional risk management practices, which often involve producing and reviewing a list of risks, are not effective. Marks emphasizes the need for a business perspective in risk management, focusing on what it takes for an organization to succeed. Marks also highlights the role of internal auditors in recognizing these red flags and advocating for more effective risk management initiatives.
Understand that the implementation and effectiveness of such practices will vary widely depending on the specific context of an organization - industry type, organizational size, and geographical location - which will influence the nature and extent of risks faced, and therefore the appropriate risk management strategies.
Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.