Just one month into the new year, cybersecurity has taken center stage in a range of industries. From government hacks to ransomware attacks on healthcare organizations, 2017 is proving no organization is safe. As threats become increasingly sophisticated, organizations must develop proactive cybersecurity plans. Two models for security are coming into question:
- Watching the network isn’t enough. Data itself needs to be protected from malicious use.
- Plausible deniability is not a defense for being out of compliance any longer. If sensitive information is in your data, you own it. Assume it’s already on the move.
Below are five stories security and IT pros should read to make sure their companies are prepared for the new year. They underscore the fact that it’s not if, but when and that the perpetrators are already past the perimeter and now inside.
Indiana cancer agency hit by aggressive ransomware group (by Catalin Cimpanu, Bleeping Computer)
In early January, Cancer Services of East Central Indiana-Little Red Door, an organization that provides services to those dealing with cancer, experienced a ransomware attack in which the agency’s internal network was compromised and locked down. The attackers requested a payment of 50 Bitcoin ($44,800) via text messages to the company’s executive team. Determining when and when not to pay up is risky business, however the agency confirmed it would not raise funds to pay the ransom.
Satan ransomware-as-a-service starts trading in the Dark Web (Charlie Osborne, ZDNet)
A billion-dollar business, ransomware is expected to grow even more in the coming year. Hackers can now purchase customizable ransomware-as-a-service (RaaS) on the Dark Web to target anyone, anywhere. Security researcher Xylitol recently discovered the Satan Malware is now available for purchase by the public as part of a RaaS platform. The Satan file claims that stolen files are encrypted and impossible to restore, making payment the only way to get the data back. With organizations becoming more dependent on their virtual data, they shouldn’t be left in a position where they have no option but to pay the ransom.
In light of cyber hacks during the U.S. election, the European Union is concerned about the growing threats from foreign powers during the French, German and Italian general elections in March. According to EU security commissioner Julian King, European nations are being targeted by “aggressive” and “potentially dangerous” threats, with Swedish Prime Minister Stefan Lovren claiming that Sweden is facing a number of security threats, primarily from Russia.
Hawaii faces up to 45 million cyberattacks daily, state officials say (Kevin Dayton, Government Technology)
According to Todd Nacapuy, chief of Hawaii’s Office of Enterprise Technology Services, the state’s networks are being targeted by attackers up to 45 million times a day. The automated tool attacking the system is believed to be looking to find vulnerabilities, with the hackers changing their tactics daily. How much, if any, data has been leaked is still unknown. The increasing number of attacks on government agencies is steadily climbing, with attacks ranging from ransomware threats against small towns to the U.S. Army Cyber Command.
Using ransomware is now a felony in CA (Justine Brown, CIO Dive)
The new year started off with a major win for security professionals throughout the country, as California enacted a law that makes the use of ransomware a felony. The law states that anyone introducing ransomware into any computer, system or network can be charged with extortion. Among the first states to pass this type of legislation, California has become a major target for ransomware attacks over the last few years. Following in the footsteps of The Golden State, the industry can expect to see more government representatives getting involved in cybersecurity legislation.
Stay up to date with security news by subscribing to the DataGravity newsletter.