Secure your knowledge. Newsletter - September 2023

Welcome to our September newsletter where we continue to review the latest attacks to hit the headlines, reveal our cyber tip of the month, and discuss the rise of AI/ML-driven cyber attacks and the challenges facing governments, companies and users in our latest blog post.

Read on below ??

EVENTS ??

International Cyber Expo

We’re heading to London Olympia, for the International Cyber Expo, 26 – 27 September.?

Meet Patrick Gardner , Managing Partner, Justin Cosnett , Chief Product Officer, Craig Lusher , Senior Product Specialist - Secure, Leon Allen , Cybersecurity Director, Graeme Price and Aidan Rees-Williams , Regional Sales Directors who will all be on hand to share their knowledge on C8 Secure’s product suite and the latest technologies and strategies in the field of cybersecurity.?

??Head to Stand Q75 to meet the team where you can enter a draw for a free cybersecurity assessment, or set up a meeting here. T&Cs apply. ?

Philippine Breakfast Briefing

In August our team of experts held an exclusive cybersecurity breakfast briefing in Manila, Philippines, providing insights and strategies on the management of ever-changing cyber risks. C8 Secure and our customers shared their vision to over 60 attendees.

Highlights included Brian Borysewich ’s analysis on navigating cyber threats in the age of AI, customer insights provided by Roland V. Oscuro, FSVP, CISO on the dynamic cybersecurity journey at PNB - Philippine National Bank and a thought-provoking panel featuring Carlo Lasala, Director - Business Technology and Information Security, Jollibee Group on how to safeguard your organization against cyber threats.?

BLOG ??

The rise of AI/ML-driven cyber attacks is changing the face of cybersecurity, posing new challenges for governments, companies and users.

Cyber attacks have evolved and become more sophisticated over time. At first, they focused on exploiting software and network vulnerabilities for unauthorized access or causing disruptions.

Check out our blog to learn more.

THE LATEST CYBER ATTACKS ??

Two ex-employees behind a data breach at Tesla

Personal information of more than 75,000 people including staff, was exposed in a data breach at Tesla , the company has confirmed. The carmaker confirmed that the confidential information included identifiable information such as name, address, phone number and social security numbers.

According to Reuters, Tesla had identified two employees who leaked the data with lawsuits filed against them.

Patrick Gardner, C8 Secure’s Managing Partner, says: “While the actions taken by Tesla identifying and filing lawsuits against the culprits are commendable, this incident highlights a larger concern in the tech industry. Insider threats — whether with malicious intent or result of pure negligence — are traditionally more challenging to mitigate than external threats. Companies not only need to focus on hardened external defenses but also must prioritize monitoring and management of internal data access using a defense in depth approach.?This public data breach combined with pervious claims made by ex-employees regarding internally shared video and images recorded by customers’ car cameras should raise serious questions about user privacy and how collected data is managed and safeguarded at Tesla.”

One of the largest hospitals in Mississippi taken offline

Several internet services were forced offline recently at a major hospital after being attacked by cyber criminals. According to reports “unusual activity” was detected on its network, and then an official statement confirmed that they were forced to take some systems offline, meaning a delay to lab test results and departmental exams being affected.

This is one example of many hospitals that have experienced major network and operational disruptions in recent years, due to cyber attacks.

Patrick Gardner, C8 Secure’s Managing Partner, explains: “This incident at Singing River Health System is yet another example of the continued and escalating threat to the healthcare industry. While the aftermath of these attacks often focuses on financial implications or potential data breaches, we must also consider the implications for patients who rely on medical services. Delays in lab tests, radiology exams, and the switch to manual, paper-based systems can have dire consequences, especially in emergency scenarios. The fact that a prominent hospital system had to completely take its services offline is a sobering reminder of the severity of the current threat landscape.

However, the report from CISA detailing over 600 advance notices is a silver lining, demonstrating proactive measures being taken to counteract these threats. The frequency of attacks on healthcare providers indicates that more needs to be done at the industry level. The DIGIHEALS project from HHS, which would apply national security-level technologies to our healthcare systems, is also a step in the right direction, assuming patient data remains private and out of government hands. The cyber threats of today aren't just about data – they directly impact human lives.”

CYBER TIP OF THE MONTH ??

This month’s tip stays focused on the healthcare industry, outlining nine ways to help protect patient data and ensure services stay online:?

1. Recognize the impact: Understand that cyberattacks on healthcare institutions don't just risk data breaches; they can jeopardize patient's health and critical care delivery. Measure your risk levels with a security risk assessment to quantify your exposure.
2. Stay informed: Always keep an eye on communications from trusted cybersecurity agencies like CISA. Their timely threat intelligence can be a lifeline against imminent attacks.?Create a response team to monitor and act on notifications.?
3. Employee training & testing: Regularly train all healthcare staff, not just IT personnel. Many breaches start with simple phishing emails. A well-informed employee can be the first line of defense. Test the training effectiveness and identify weaknesses with unannounced and frequent phishing campaigns.
4. System audits: Conduct regular security audits and penetration tests on healthcare IT systems. Early detection of vulnerabilities can prevent major breaches.
5. Secure patient data: Use multi-factor authentication, especially for systems holding sensitive patient information. Ensure data is encrypted both at rest and in transit.?Only allow access to patient data on a “need to know” basis, any access should be logged and monitored for suspicious activities.
6. Collaborate and share: Foster a culture of knowledge sharing. If one healthcare facility faces a specific threat, chances are, others might too. Shared knowledge can save others from facing the same threat.
7. Plan for downtime: Have a contingency plan ready for operations to continue even when systems are down. This includes manual procedures and communication chains. The best laid plans means nothing unless its regularly tested.
8. Vendor scrutiny: If third-party vendors have access to your systems, make sure they adhere to strict cybersecurity protocols. Remember, your system's security is only as strong as its weakest link.?
9. Prioritize communication: In case of a breach, communicate promptly with affected parties, law enforcement, and other necessary stakeholders.?Create and test an incident response plan, time matters.

In the healthcare sector, cybersecurity isn't just about protecting data; it's about safeguarding human lives.

Learn more about C8 Secure at www.c8secure.com