Cyber Risk Governance Insights | October 21, 2024
Netswitch, Inc.


WEEK IN HEADLINES

RETAIL - Free Offer Turns Out to Be Phishing Scam, Shocking No One

A sophisticated phishing scam has been targeting Starbucks customers, luring them with the promise of a free “Coffee Lovers Box.” The scam, which has already resulted in over 900 reports to Action Fraud in just two weeks, aims to steal personal and financial information or install malware on victims’ devices. The fraudulent emails mimic Starbucks’ branding and language, making them appear legitimate and convincing. Recipients clicking on the malicious links are directed to fake websites that harvest sensitive data.

INSIGHT: Consider implementing DMARC (Domain-based Message Authentication, Reporting & Conformance) in your email security to help prevent email spoofing. This would allow email domain owners to specify which mechanisms (SPF, DKIM) are used to authenticate their emails and instruct receiving mail servers on how to handle unauthenticated emails.
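As an added illustration of the mechanism described above (this is example code written for this newsletter, not code from Netswitch or from any mail-server or DMARC library): a minimal evaluator that parses a DMARC TXT record and applies the identifier-alignment and policy rules a receiving mail server follows. The domain names and the DMARC record below are constructed samples; the organizational-domain check is simplified to the last two labels, whereas real receivers consult the Public Suffix List.

```python
# Added example: minimal DMARC policy evaluation (not Netswitch code, not a real
# DMARC library). Domains and records used here are constructed samples.
from __future__ import annotations


def parse_dmarc(record: str) -> dict[str, str]:
    """Parse a 'v=DMARC1; p=...; ...' TXT record into a tag dictionary."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    # Defaults for absent tags (RFC 7489): no policy, relaxed alignment, 100% sampling.
    tags.setdefault("p", "none")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: the last two DNS labels.
    Assumption for this example; real receivers use the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str | None, mode: str) -> bool:
    """Identifier alignment between the RFC5322.From domain and the domain that
    passed SPF (envelope sender) or DKIM (d= tag).
    's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record: str, from_domain: str,
             spf_pass_domain: str | None = None,
             dkim_pass_domain: str | None = None) -> tuple[str, str]:
    """Return (dmarc_result, disposition).

    spf_pass_domain / dkim_pass_domain are the domains for which SPF / DKIM
    already returned 'pass' (None if that check failed or was absent).
    DMARC passes if at least one passing mechanism is aligned with the From
    domain; otherwise the receiver applies the published p= policy.
    The pct= tag is parsed but sampling is not applied in this example."""
    tags = parse_dmarc(record)
    spf_ok = aligned(from_domain, spf_pass_domain, tags["aspf"])
    dkim_ok = aligned(from_domain, dkim_pass_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", tags["p"]


# Constructed record for a hypothetical brand domain.
EXAMPLE_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # Spoofed mail: From example.com, but SPF passed only for the attacker's domain.
    print(evaluate(EXAMPLE_RECORD, "example.com", spf_pass_domain="bulk-sender.example"))
    # Legitimate mail from a subdomain relay, relaxed SPF alignment.
    print(evaluate(EXAMPLE_RECORD, "example.com", spf_pass_domain="mail.example.com"))
```

Spoofed messages in this model fail alignment and receive the `reject` disposition, while legitimate mail relayed from a subdomain still passes under relaxed SPF alignment; a `p=none` record would produce the same `fail` result but ask the receiver to take no action, which is why a monitoring-only deployment should be moved to `quarantine` or `reject` once reports show legitimate senders are aligned.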

CRITICAL INFRASTRUCTURE - Iranian Cyber Actors Exploit Weaknesses

The cyber incident involved Iranian actors using brute force methods, such as password spraying and MFA push bombing, to gain unauthorized access to critical infrastructure networks. They then modified MFA registrations to maintain persistent access and performed network discovery to gather additional credentials and sensitive information.

INSIGHT: Implementing Zero Trust Architecture (ZTA) would significantly improve the security posture of critical infrastructure organizations that often have to balance limited resources and legacy systems due to the criticality of the devices.
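The password-spraying behaviour described above has a recognisable shape in authentication logs: one source produces failed logins across many distinct accounts with only one or two attempts each, which is the opposite of a brute-force burst against a single account. The following detector is an added example written for this newsletter (not Netswitch code and not from the incident report); the log format, the thresholds and the sample log lines are all constructed assumptions.

```python
# Added example: password-spray detection over constructed auth log lines.
# Not Netswitch code; log format, thresholds and sample data are assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <FAIL|OK> user=<name> src=<ip>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample: one spraying source (203.0.113.7) that finally succeeds
# against one account, one single-account brute-force source (198.51.100.9),
# and one ordinary successful login (192.0.2.5).
SAMPLE_LOG = """\
2024-10-21T09:00:01 FAIL user=alice src=203.0.113.7
2024-10-21T09:00:03 FAIL user=bob src=203.0.113.7
2024-10-21T09:00:05 FAIL user=carol src=203.0.113.7
2024-10-21T09:00:07 FAIL user=dave src=203.0.113.7
2024-10-21T09:00:09 FAIL user=erin src=203.0.113.7
2024-10-21T09:00:11 FAIL user=frank src=203.0.113.7
2024-10-21T09:00:30 OK user=erin src=203.0.113.7
2024-10-21T09:01:00 FAIL user=alice src=198.51.100.9
2024-10-21T09:01:01 FAIL user=alice src=198.51.100.9
2024-10-21T09:01:02 FAIL user=alice src=198.51.100.9
2024-10-21T09:01:03 FAIL user=alice src=198.51.100.9
2024-10-21T09:01:04 FAIL user=alice src=198.51.100.9
2024-10-21T09:02:00 OK user=bob src=192.0.2.5
"""


def parse_log(text: str) -> list[dict]:
    """Turn log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return events


def detect_spray(events: list[dict], window: timedelta = timedelta(minutes=10),
                 min_users: int = 5, max_per_user: int = 2) -> dict[str, dict]:
    """Flag sources whose failures inside a sliding window touch at least
    min_users distinct accounts with at most max_per_user attempts per account.
    Also records which accounts that source later logged into successfully,
    since a success following a spray is the account-takeover signal."""
    fails_by_src: dict[str, list[dict]] = defaultdict(list)
    ok_by_src: dict[str, set[str]] = defaultdict(set)
    for e in events:
        if e["result"] == "FAIL":
            fails_by_src[e["src"]].append(e)
        else:
            ok_by_src[e["src"]].add(e["user"])

    findings: dict[str, dict] = {}
    for src, fails in fails_by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # Advance the window start so every event in [start, end] is within `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            counts: dict[str, int] = defaultdict(int)
            for e in fails[start:end + 1]:
                counts[e["user"]] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                findings[src] = {
                    "targeted_users": sorted(counts),
                    "success_after": sorted(u for u in ok_by_src[src] if u in counts),
                }
    return findings


if __name__ == "__main__":
    for src, info in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(src, info)
```

The brute-force source is deliberately not flagged here, since it hits one account only and belongs to a separate lockout-style rule; in practice the `success_after` list is the line to act on first, because it names the accounts whose MFA registrations should be reviewed for the kind of attacker-added device described in the advisory.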

TECHNOLOGY - Asian Firm Confirms Data Breach Following Devastating Attack

Nidec Corporation, a leading Japanese technology company, has confirmed a data breach resulting from a ransomware attack. Hackers stole sensitive data and leaked it on the dark web, raising significant concerns about the company’s cybersecurity measures.

INSIGHT: Endpoint Detection and Response (EDR) would have given Nidec a significantly better ability to detect, respond to, and mitigate the ransomware attack, protecting sensitive data and maintaining operational integrity.

HEALTHCARE - Hospice Patient Data Compromised by Ransomware

Kansas City Hospice, a non-profit providing end-of-life care, has fallen victim to a BlackSuit ransomware attack. The attackers have exfiltrated sensitive data and listed the organization on their dark website. This incident raises serious concerns about the cybersecurity measures in place at healthcare institutions.

INSIGHT: To prevent a similar incident in your own organization, we turn again to Multi-Factor Authentication (MFA) as an additional layer of security: it requires users to present two or more identity verification factors before gaining access to a resource such as an application, online account, or VPN.

CRYPTOGRAPHY - Military-Grade Encryption Breached Using Quantum Computer(??)

Chinese researchers have achieved a significant breakthrough by using a quantum computer to hack military-grade encryption. This development poses a substantial threat to critical sectors such as banking, defense, and national security, which rely heavily on advanced encryption methods to protect sensitive information. This development underscores the urgent need for the adoption of post-quantum cryptography (PQC) to safeguard against the emerging capabilities of quantum computing. The successful breach highlights the vulnerabilities of current encryption technologies and the pressing necessity for future-proof security measures to protect critical data from quantum threats.

INSIGHT: The claims about the research are from the South China Morning Post, and much of the research is theoretical and not yet practical. Quantum computers are not yet advanced enough to break military-grade encryption, and while quantum computing poses a future threat to encryption, significant advancements are still needed before it can effectively compromise current encryption standards. To learn more about quantum computing, listen to the recent Cybersecurity Chronicles Podcast.

MANUFACTURING - Firm Faces Prolonged Outage Post Ransomware Attack

Casio, a leading electronics manufacturer, has been severely impacted by a ransomware attack, leaving many of its systems unusable for nearly two weeks. The attack has disrupted operations, including order processing and product shipments, and compromised sensitive data.

INSIGHT: A theme is emerging this week: EDR is again the control that could have prevented this type of incident. The valuable protection from this tool is advanced real-time analysis of endpoint activity. When combined with User Behavior Analytics, you can better defend your organization.

GOVERNMENT - County Services Paralyzed by Ransomware Attack

Suffolk County experienced a severe ransomware attack on September 8, 2022, disrupting essential services such as civil-service testing and police dispatches. The attack has highlighted significant vulnerabilities in the county’s cybersecurity infrastructure.

INSIGHT: Again, a weekly theme - MFA. Multifactor Authentication may interrupt employee workflow and "reduce" productivity, leaving them to complain that it is time-consuming and frustrating. The alternative is the possibility of an incident that shuts down your operations, affects your customers, and is potentially existential to the company.

Your call of which to choose.


INSIGHTS & EXPERT PERSPECTIVES

REPORT: Navigating the Evolving Cyber Threat Landscape

The Microsoft Digital Defense Report 2024 provided a comprehensive analysis of the current cybersecurity landscape, highlighting the increasing sophistication of cyber threats and the critical need for enhanced cyber resilience. The report reveals that cyberattacks have surged, with over 78 trillion security signals processed daily, underscoring the relentless activity of nation-state actors and cybercriminals. It also explores the dual role of generative AI, which is being leveraged both for defense and by adversaries to craft more sophisticated attacks. Emphasizing the importance of robust cybersecurity measures, the report calls for organizations to adopt proactive strategies, including regular security assessments, multi-factor authentication, and comprehensive incident response plans, to safeguard against these evolving threats.

3 highlights from this report:

  1. Evolving Cyber Threat Landscape: there is evidence of the increasing sophistication of cyber threats, with nation-state actors and cybercriminals employing advanced tactics, techniques, and procedures (TTPs).
  2. Impact of Generative AI: a double-edged sword in cybersecurity. It offers new tools for defense, but it also provides adversaries with enhanced capabilities to craft convincing phishing attacks and automate malicious activities.
  3. Importance of Cyber Resilience: The report emphasizes the need for organizations to build cyber resilience - not only preventing attacks but also ensuring rapid recovery and continuity of operations in the event of a breach.

There are 5 practical and cost-effective steps you can take to significantly enhance your cyber posture and resilience, make you a better supply chain partner, and reduce the risk of incidents that could lead to severe financial consequences (lawsuits, penalties, reputational harm, and bankruptcy).

5 Actionable Steps for You:

  1. Conduct Baseline Assessments - A Business Impact Analysis (BIA) and a baseline Security and Risk Assessment can identify critical assets and vulnerabilities and help prioritize mitigation and resource allocation plans.
  2. Incident Response Plan - You should have a detailed IR plan and regularly conduct reviews and simulations so all employees know their roles.
  3. Backup and Recovery - Regularly back up critical data and test accessibility and recovery procedures.
  4. Security Awareness Education - Employees are often the weakest link in cybersecurity, but educating them can turn them into your first line of defense.
  5. Leverage Cost-Effective Security Tools - Use affordable and cost-justifiable cyber solutions that offer scalable and cost-effective protection tailored to your needs.

Without doing 1 - 4, investments in #5 may just be throwing money away and hoping you're safe.

Opinion: Bankruptcy Should Not Shield Companies from Cyber Accountability

Following the massive data breach at National Public Data, the company filed for Chapter 11 bankruptcy. This protective corporate step is a disservice to the countless individuals whose personal information was compromised.

This move underscores a significant flaw in our legal system: allowing companies to use bankruptcy as a shield against financial responsibility for their negligence in cybersecurity is fundamentally unfair, should be reconsidered by Congress, and should not be permitted by the courts.

A Safe Harbor for Negligence

National Public Data’s bankruptcy filing effectively halts all ongoing litigation, including class action lawsuits from victims of the breach.

This automatic stay provides the company with a reprieve from its financial obligations, allowing it to reorganize its debts and potentially discharge some liabilities.

While bankruptcy laws are designed to help businesses recover, they should not serve as a safe harbor for companies that have failed to take adequate measures to protect sensitive data.

Ignored Cyber Risks

The breach at National Public Data was not an unavoidable accident; it was the result of inadequate cybersecurity practices.

Proper encryption protocols and other security measures could have prevented this incident.

By ignoring these control risks, the company placed millions of individuals at risk of identity theft and financial loss.

Allowing the company to escape full accountability through bankruptcy undermines the importance of strong cybersecurity practices and sets a dangerous precedent.

A Need for Accountability

Bankruptcy should not be a tool for companies to evade their responsibilities. Instead, the courts should ensure that companies are held accountable for their negligence.

This includes prioritizing the claims of breach victims in bankruptcy proceedings and ensuring that companies cannot simply walk away from their obligations.

Do We Need Legal Reform?

It is time for reform to address this misuse of law.

Bankruptcy laws should be updated to prevent companies from using bankruptcy as a means to avoid financial responsibility for cybersecurity failures. This would not only provide justice for victims but also incentivize companies to invest in appropriate cybersecurity measures, ultimately reducing the likelihood of such breaches in the future.

The courts should not allow companies to use bankruptcy as a shield against accountability. The rights of individuals must come before the financial interests of negligent companies.


Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

  1. Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.
  2. Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

  • Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Community on LinkedIn. Share insights and stay ahead of the curve.
  • Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch Technology Management today to take control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.

