Cyber Risk Governance Insights | May 6, 2024

WEEK IN HEADLINES

LIBRARIES - Ransom Demanded After Data Breach

The B.C. Libraries Co-operative was targeted by a hacker who threatened to release user data unless a ransom was paid. The hacker accessed log file data from the co-operative’s new cloud hosting infrastructure and obtained “minimal data” from its email server. Although no passwords or email content were stolen, the breach highlights the need for increased cybersecurity vigilance in libraries.

Cybersecurity isn’t just about firewalls and encryption—it’s about informed decision-making. Executives must champion appropriate governance practices, assess supply chain risks, and empower our teams to recognize and respond to threats.

HEALTHCARE - Basic Security Missing Causes Massive Breach

The Change Healthcare cyberattack, which disrupted healthcare systems nationwide, stemmed from hackers infiltrating a server lacking a fundamental security measure: multifactor authentication. UnitedHealth CEO Andrew Witty revealed this during a U.S. Senate hearing.

This breach highlights the value of basic cybersecurity practices for any business.? Incidents such as this affect public trust, regulatory scrutiny, and the need for improved cyber risk governance controls.

PHISHING - State Hackers Exploit Weak DMARC Policies

The APT43 hacking group, linked to North Korea, manipulates weak Domain-based Message Authentication Reporting and Conformance (DMARC) policies. They send spoofed emails, posing as credible sources like journalists and academics, to collect intelligence on geopolitical events.

Organizations must address weak email security practices.? We see less than 10% have properly configured email systems.? We work with customers to implement proactive email security DMARC measures to demonstrate supply chain strength.

SOFTWARE - Data Breach Exposes User Passwords and MFA Data

Dropbox has confirmed a major data breach impacting its Dropbox Sign e-signature service. A hacker gained unauthorized access to the production environment and customer database, exposing sensitive information like email addresses, phone numbers, hashed passwords, OAuth tokens, and multi-factor authentication data.

The value of MFA cannot be overstated. It is an essential defense to protect the accessibility of sensitive information and mitigate risks associated with data breaches. Implementation of MFA should be a top priority for executives of all organizations.

TRANSPORTATION - Services Paralyzed, Restoration to Take Months

A cybersecurity attack severely impacted the Kansas City Scout traffic management system on April 25th. The attack has taken down the system's websites, traffic cameras, and message boards, leaving commuters without access to real-time traffic information. The Missouri and Kansas Departments of Transportation have warned that the restoration process is expected to take months, causing significant frustration for partners and the traveling public.

This is yet another incident involving critical infrastructure and the apparent lack of adequate resilience planning.? Well-planned response readiness is important for all organizations regardless of industry.? To learn more - listen to this.

HOSPITALITY - Restaurant Employee Data Compromised

Panda Restaurant Group, the parent company of popular chains like Panda Express and Panda Inn, has disclosed a data breach after its corporate systems were hacked in March. The cyber attackers gained unauthorized access and stole personal information of an undisclosed number of PRG's 39,000 employees, potentially exposing sensitive data like names, addresses, and Social Security numbers.

Panda Restaurant Group will likely face significant legal and financial consequences under the California Consumer Privacy Act (CCPA), including potential fines, statutory damages, stringent breach notification obligations, and increased regulatory oversight.

INSIGHTS & EXPERT PERSPECTIVES

LEADERSHIP - Evolving Cyber Threats Unveiled: DBIR 2024

The 2024 Data Breach Investigations Report (DBIR) by Verizon offers an in-depth analysis of the ever-changing cybersecurity landscape, providing valuable insights for organizations to strengthen their defenses against emerging threats.

The report highlights the increasing sophistication of cyber-attacks, with a notable rise in ransomware incidents and supply chain compromises. Financially motivated threat actors continue to dominate, exploiting vulnerabilities in web applications and leveraging stolen credentials. However, the report also underscores the growing concern of nation-state actors and their advanced persistent threats (APTs).

Highlights:

• Ransomware Surge: 25% increase, with more sophisticated tactics, i.e. double extortion and targeting backups.
• Supply Chain Risks: 15% increase in incidents involving 3rd-party vendors and service providers.
• Credential Theft Persists: popular attack accounting for 30+% of breaches, emphasizing the need for access controls and multi-factor authentication.

?INSIGHTS: Verizon's 2024 DBIR should be a wake-up call for C-suite executives, and provides evidence of what we have been espousing for the last several years.

?The unrelenting surge in ransomware attacks and the increase in double extortion tactics pose severe operational and reputational risks. The increase in supply chain compromises highlights the need for robust vendor risk management.

The days of merely reacting to threats are gone. Organizational leadership must prioritize a proactive, holistic cybersecurity strategy that is part of the corporate culture and not just a written policy. This means engaging in independent and regular risk assessments, testing of strong access controls, continuous security awareness education of all personnel, fundamental security measures like multi-factor authentication, and continuous monitoring to provide insights and evidence of cyber resilience.?

Two takeaways this week:

1. Stop Paying Ransoms - double extortion is more likely than ever to have you paying forever, just like blackmail.
2. MFA - the recurring theme this week.? It is a basic security practice, that adds maybe a few seconds for you, or your employees, to access systems or data, but may significantly reduce your risk - don't believe us?? Read the transcript testimony of Andrew Witty, CEO of UnitedHealth Group to House Energy and Commerce Committee? / Subcommittee on Oversight and Investigations, and pray you're never in the same seat.

Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

• Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch
• Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

• Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Group on LinkedIn. Share insights and stay ahead of the curve.
• Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch today to take control of your cyber risk.

Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.