Week of February 23rd, 2024

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

Supply Chain Disruptions Are On the Rise. The Latest Victim? Read on to Find Out?

Pharmacies across the United States are reporting delays to their prescription orders. The culprit? A cyberattack against one of the nation's largest healthcare tech companies: Change Healthcare. The impact to their networks was first discovered Wednesday AM.

"Change Healthcare is experiencing a network interruption related to a cybersecurity issue and our experts are working to address the matter. Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact," Change Healthcare recently said in a statement.

This national service outage speaks to an ongoing trend regarding supply chain cyberattacks. In 2023 alone, cyber professionals reported that:?

• Only 36% of organizations vetted new and existing suppliers in the last year
• 59% of organizations that were the target of a supply chain attack did not have an incident response plan in place
• 58% of all supply chain attacks were focused on accessing confidential data
• 50% of supply chain attacks were attributed to notorious APT groups
• In over 50% of supply chain attacks, malware was the chosen attack technique
• 66% of threat actors focused on the suppliers’ code to compromise customers

This Change Healthcare service outage is anticipated to last until EOD today.

Personal Cyber Insurance is on the Rise. Here’s What to Know

In Canada, tens of thousands of residents fall victim to cybercrime every year, so some are adding a new tool to their arsenal: personal cyber insurance.

Depending on the provider and plan, such coverage may include everything from the unauthorized use of bank accounts or credit cards to counseling and social media monitoring in the event one is cyberbullied. Some plans help with restoring data and access to computers or digital home systems. Others give customers professional help if someone is trying to extort them online.

Statistics Canada data shows the number of police-reported cybercrimes in the country hit 74,073 in 2022, up from 71,727 in 2021 and 33,893 in 2018. (Experts have long said cybercrime is under-reported because of the stigma that can be associated with being targeted.)

This uptick aligns with other predictions that were forecasted for 2024 and beyond. These predictions include, but are not limited to:

• Between the end of 2023 and the start of 2025, modern data privacy laws will cover the personal info of around 75% of the globe’s population
• Organizations that adopt a strong cybersecurity network architecture by 2023 will reduce the financial costs of data breaches by an average of 90%
• 30% of enterprises will begin to utilize cloud-based Secure Web Gateway (SWG), CLoud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS)
• By 2025, 80% of enterprises will unify web, cloud services, and private application access from a single SSE platform
• Hybrid and remote work will continue to rise in frequency across all sectors
• 70% of CEOs will mandate a culture of cybersecurity-focused awareness and resilience
• Ahead of the end of 2026, around 50% of C-level executives will build performance requirements related to cybersecurity risk into their employment contracts