SlideShare a Scribd company logo

NYCDS-DQ-Winter-2016-Cyber-Security

Ondrej Krehel
Ondrej Krehel
1 of 1
Download to read offline
6Dentists’ Quarterly, December 2016 Cyber terrorism targeting smaller health- care offices is increasing at an alarming rate. While these incidents do not get equal media coverage in comparison to attacks on mul- tinational corporations and governmental agencies, a data breach at a dental office is ar- guably more disruptive to the victim because the associated costs can potentially bankrupt smaller sized businesses. Victims of cyber-attacks at medical offices are far reaching and often extend to the patients. A decrease in or a complete loss of trust towards their medical provider often occurs when patients learn that their SSN and other personal data are for sale on the darkweb. Besides impacting the work flow, a patient’s trust, and the general disruption of your business, a breach imparts many additional costs. First is the expenditure of money and time to investigate and remedy the problem. This can be an enduring process if your attacker is well entrenched in your environ- ment. Next is the cost of notifying and protecting the indi- viduals who may have lost personal information in the attack. A recent study of the healthcare providers’ industry, estimates that each record compromised in a data breach costs nearly $1,000 to remediate. (http://www.cutimes.com/2015/11/04/ data-breaches-cost-1000-per-record-study) Finally, there is a chance of litigation against your company. Thus, small busi- nesses, like dental offices, that are faced with these compound- ing costs have a very difficult time surviving cyber-attacks. Especially prevalent against medical offices are malware at- tacks, like ransomware, which takes a computer system hos- tage by encrypting files and demanding payment in return for unlocking them. Ransomware is one of the most widely used attacks against dental offices. Its popularity stems in part from patient data being valuable to hackers and identity thieves. In addition, a dental office will often have an immediate need to access patient data when serving clients and could easily be pressured to pay hackers for release of this information. Victims of ransomware often pay their attackers in as little as three days. This makes for a very lucrative, albeit illegal, busi- ness practice. The FBI, however, opposes paying the ransom because these payments encourage more ransomware attacks. Ransomware, such as the popular Locky, Cyptowall, and PowerWare, is often spread through electronic messages that trick a user into opening an attachment or a link to a site where malware is downloaded onto the user’s computer. Of- ten sent by email, and sometimes social media channels, the messages that spread ransomware can appear to come from employees inside your organization. Like all cyber-attacks, ransomware is evolving and becom- ing more sophisticated. Newer types of ransomware are tar- geting dental offices by breaking into their IT support system. Cyber Security: A Rising Threat for Dental Offices Ondrej Krehel, CEO & Founder of LIFARS Ondrej Krehel Dentalofficesusingaremotedesktopconnectionfortheirout- sourcedITservicesarevulnerabletobruteforceattacksoftheir remote desktop protocol (RDP) functionality (https://threat- post.com/655000-healthcare-records-being-sold-on-dark- web/118933/). A group from Russia is also reselling the com- promised servers to other hackers on the dark forum, xDedic (https://lifars.com/2016/10/xdedic-marketplace-hacked- servers-go-sale/). An analysis of new attacks indicate that ransomware is waiting inside the environment for months, learning what is most valuable to the company and how to best harm the business, before encrypting files. To protect yourself, dental offices need to take a proactive position to prevent malware from harming their business. The existing security infrastructure should be able to detect and prevent a breach of your system and if necessary, automati- cally clean any malware before a response is required. In ad- dition, it is important to educate your employees to not open suspicious e-mails. The HIPAA compliance Ransomware Factsheet is useful in helping to inform your staff and busi- ness associates on how to prevent malware infections (http:// www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf). Moreover, it is vital that your organization follows the prin- ciples of cybersecurity best practices: “least privileges,” “need- to-know,” and “cybersecurity is never done.” These principles, when executed correctly will mitigate the harm and costs as- sociated with cyber-attacks. “Least Privileges” and “Need-to-Know” is the practice of limiting rights and permissions to staff members based on what is essential to their job function. It is easy to compro- mise a network when a single user is granted too many rights. This can include ensuring that standard users do not have lo- cal admin privileges. Least Privileges and Need-to-Know pre- vents a compromise from causing excessive damage. The third principle, “Cybersecurity is Never Done,” ad- dresses the ever-evolving nature of cyber-attacks. Because cybersecurity is an ever-changing landscape it is important to continuously test your system and maintain a good security posture. A system that was secure five years ago may be out- dated and at risk today. This principle, Cybersecurity is Never Done, is especially challenging for dental offices and many small businesses. As technology ages, new vulnerabilities are found and usually patches are released, which must be con- sidered for maintaining security. ■ LIFARS helps businesses keep up with proper update manage- ment and patch holes, or replace vulnerable systems. LIFARS provides risk analysis, user and staff training, and cyber threat monitoring to help companies to continuously stay current with the changing landscape of cyber-attacks. For more information please visit www.lifars.com or call 212-222-7061.

Recommended

W verb68
W verb68W verb68
W verb68James1280
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteRapidSSLOnline.com
 
FBI Ransomware Report
FBI Ransomware ReportFBI Ransomware Report
FBI Ransomware ReportDavid Sweigert
 
Fortified Health Security - Horizon Report 2016
Fortified Health Security - Horizon Report 2016Fortified Health Security - Horizon Report 2016
Fortified Health Security - Horizon Report 2016Dan L. Dodson
 
Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsBhargav Modi
 
Top 5 it security threats for 2015
Top 5 it security threats for 2015Top 5 it security threats for 2015
Top 5 it security threats for 2015Bev Robb
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation AniketPandit18
 
Cyber security
Cyber securityCyber security
Cyber securityJoseMerda1
 

Recommended

W verb68
W verb68W verb68
W verb68James1280
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteRapidSSLOnline.com
 
FBI Ransomware Report
FBI Ransomware ReportFBI Ransomware Report
FBI Ransomware ReportDavid Sweigert
 
Fortified Health Security - Horizon Report 2016
Fortified Health Security - Horizon Report 2016Fortified Health Security - Horizon Report 2016
Fortified Health Security - Horizon Report 2016Dan L. Dodson
 
Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsBhargav Modi
 
Top 5 it security threats for 2015
Top 5 it security threats for 2015Top 5 it security threats for 2015
Top 5 it security threats for 2015Bev Robb
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation AniketPandit18
 
Cyber security
Cyber securityCyber security
Cyber securityJoseMerda1
 
Proofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat ReportProofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat ReportProofpoint
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportChris Taylor
 
Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?Splunk
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftAppsian
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comBusiness.com
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Phishing
PhishingPhishing
PhishingSaurabhKantSahu1
 
PHISHING PROTECTION
PHISHING PROTECTION PHISHING PROTECTION
PHISHING PROTECTIONKaterynaPetrova4
 
10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness Program10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness ProgramWiley
 
Threatsploit Adversary Report January 2019
Threatsploit Adversary Report January 2019Threatsploit Adversary Report January 2019
Threatsploit Adversary Report January 2019Briskinfosec Technology and Consulting Pvt Ltd
 
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxPhishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxM Nadeem Qazi
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...IJECEIAES
 
Phishing Technology
Phishing TechnologyPhishing Technology
Phishing TechnologyAvishekMondal15
 
Phishing
PhishingPhishing
Phishingtarunikahsundrajahpi
 
Proxy For employee monitoring
Proxy For employee monitoringProxy For employee monitoring
Proxy For employee monitoringProxies Rent
 
Cyber security.docx
Cyber security.docxCyber security.docx
Cyber security.docxsaivarun91
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET Journal
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firmsJake Weaver
 

More Related Content

What's hot

Proofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat ReportProofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat ReportProofpoint
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportChris Taylor
 
Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?Splunk
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftAppsian
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comBusiness.com
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness Program10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness ProgramWiley
 
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxPhishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxM Nadeem Qazi
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...IJECEIAES
 
Proxy For employee monitoring
Proxy For employee monitoringProxy For employee monitoring
Proxy For employee monitoringProxies Rent
 
Cyber security.docx
Cyber security.docxCyber security.docx
Cyber security.docxsaivarun91
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET Journal
 

What's hot (20)

Proofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat ReportProofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat Report
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_Report
 
Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?Phishing Attacks - Are You Ready to Respond?
Phishing Attacks - Are You Ready to Respond?
 
Safeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit TheftSafeguarding PeopleSoft Against Direct Deposit Theft
Safeguarding PeopleSoft Against Direct Deposit Theft
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.com
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scams
 
Phishing
PhishingPhishing
Phishing
 
PHISHING PROTECTION
PHISHING PROTECTION PHISHING PROTECTION
PHISHING PROTECTION
 
10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness Program10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness Program
 
Threatsploit Adversary Report January 2019
Threatsploit Adversary Report January 2019Threatsploit Adversary Report January 2019
Threatsploit Adversary Report January 2019
 
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptxPhishing Seminar By M Nadeem Qazi(MnQazi) pptx
Phishing Seminar By M Nadeem Qazi(MnQazi) pptx
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...
 
Phishing Technology
Phishing TechnologyPhishing Technology
Phishing Technology
 
Phishing
PhishingPhishing
Phishing
 
Proxy For employee monitoring
Proxy For employee monitoringProxy For employee monitoring
Proxy For employee monitoring
 
Cyber security.docx
Cyber security.docxCyber security.docx
Cyber security.docx
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
 

Similar to NYCDS-DQ-Winter-2016-Cyber-Security

Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firmsJake Weaver
 
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...MZERMA Amine
 
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...Protected Harbor
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrimethinkwithniche
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber securityHelen Carpenter
 
Computer Security for Lawyers
Computer Security for LawyersComputer Security for Lawyers
Computer Security for LawyersMark Lanterman
 
Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?Ainsha Noordin (Umie)
 
Systems Thinking on a National Level, Part 2Drew David.docx
Systems Thinking on a National Level, Part 2Drew David.docxSystems Thinking on a National Level, Part 2Drew David.docx
Systems Thinking on a National Level, Part 2Drew David.docxperryk1
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfanjandavid
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 
Ransomware and Emerging Cyber Threats: Why It's More Than Just An IT Problem ...
Ransomware and Emerging Cyber Threats: Why It's More Than Just An IT Problem ...Ransomware and Emerging Cyber Threats: Why It's More Than Just An IT Problem ...
Ransomware and Emerging Cyber Threats: Why It's More Than Just An IT Problem ...Steve Fantauzzo
 
Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Web Werks Data Centers
 
Cybersecurity a short business guide
Cybersecurity a short business guideCybersecurity a short business guide
Cybersecurity a short business guidelarry1401
 
Top 10 Cyber Security Threats and How to Prevent Them
Top 10 Cyber Security Threats and How to Prevent ThemTop 10 Cyber Security Threats and How to Prevent Them
Top 10 Cyber Security Threats and How to Prevent ThemChinmayee Behera
 

Similar to NYCDS-DQ-Winter-2016-Cyber-Security (20)

Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
 
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
 
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrime
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber security
 
Computer Security for Lawyers
Computer Security for LawyersComputer Security for Lawyers
Computer Security for Lawyers
 
Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?Why Should A Business Worry about Cyber Attacks?
Why Should A Business Worry about Cyber Attacks?
 
Systems Thinking on a National Level, Part 2Drew David.docx
Systems Thinking on a National Level, Part 2Drew David.docxSystems Thinking on a National Level, Part 2Drew David.docx
Systems Thinking on a National Level, Part 2Drew David.docx
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdf
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Ransomware and Emerging Cyber Threats: Why It's More Than Just An IT Problem ...
Ransomware and Emerging Cyber Threats: Why It's More Than Just An IT Problem ...Ransomware and Emerging Cyber Threats: Why It's More Than Just An IT Problem ...
Ransomware and Emerging Cyber Threats: Why It's More Than Just An IT Problem ...
 
Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?
 
Cybersecurity a short business guide
Cybersecurity a short business guideCybersecurity a short business guide
Cybersecurity a short business guide
 
Top 10 Cyber Security Threats and How to Prevent Them
Top 10 Cyber Security Threats and How to Prevent ThemTop 10 Cyber Security Threats and How to Prevent Them
Top 10 Cyber Security Threats and How to Prevent Them
 

NYCDS-DQ-Winter-2016-Cyber-Security

  • 1. 6Dentists’ Quarterly, December 2016 Cyber terrorism targeting smaller health- care offices is increasing at an alarming rate. While these incidents do not get equal media coverage in comparison to attacks on mul- tinational corporations and governmental agencies, a data breach at a dental office is ar- guably more disruptive to the victim because the associated costs can potentially bankrupt smaller sized businesses. Victims of cyber-attacks at medical offices are far reaching and often extend to the patients. A decrease in or a complete loss of trust towards their medical provider often occurs when patients learn that their SSN and other personal data are for sale on the darkweb. Besides impacting the work flow, a patient’s trust, and the general disruption of your business, a breach imparts many additional costs. First is the expenditure of money and time to investigate and remedy the problem. This can be an enduring process if your attacker is well entrenched in your environ- ment. Next is the cost of notifying and protecting the indi- viduals who may have lost personal information in the attack. A recent study of the healthcare providers’ industry, estimates that each record compromised in a data breach costs nearly $1,000 to remediate. (http://www.cutimes.com/2015/11/04/ data-breaches-cost-1000-per-record-study) Finally, there is a chance of litigation against your company. Thus, small busi- nesses, like dental offices, that are faced with these compound- ing costs have a very difficult time surviving cyber-attacks. Especially prevalent against medical offices are malware at- tacks, like ransomware, which takes a computer system hos- tage by encrypting files and demanding payment in return for unlocking them. Ransomware is one of the most widely used attacks against dental offices. Its popularity stems in part from patient data being valuable to hackers and identity thieves. In addition, a dental office will often have an immediate need to access patient data when serving clients and could easily be pressured to pay hackers for release of this information. Victims of ransomware often pay their attackers in as little as three days. This makes for a very lucrative, albeit illegal, busi- ness practice. The FBI, however, opposes paying the ransom because these payments encourage more ransomware attacks. Ransomware, such as the popular Locky, Cyptowall, and PowerWare, is often spread through electronic messages that trick a user into opening an attachment or a link to a site where malware is downloaded onto the user’s computer. Of- ten sent by email, and sometimes social media channels, the messages that spread ransomware can appear to come from employees inside your organization. Like all cyber-attacks, ransomware is evolving and becom- ing more sophisticated. Newer types of ransomware are tar- geting dental offices by breaking into their IT support system. Cyber Security: A Rising Threat for Dental Offices Ondrej Krehel, CEO & Founder of LIFARS Ondrej Krehel Dentalofficesusingaremotedesktopconnectionfortheirout- sourcedITservicesarevulnerabletobruteforceattacksoftheir remote desktop protocol (RDP) functionality (https://threat- post.com/655000-healthcare-records-being-sold-on-dark- web/118933/). A group from Russia is also reselling the com- promised servers to other hackers on the dark forum, xDedic (https://lifars.com/2016/10/xdedic-marketplace-hacked- servers-go-sale/). An analysis of new attacks indicate that ransomware is waiting inside the environment for months, learning what is most valuable to the company and how to best harm the business, before encrypting files. To protect yourself, dental offices need to take a proactive position to prevent malware from harming their business. The existing security infrastructure should be able to detect and prevent a breach of your system and if necessary, automati- cally clean any malware before a response is required. In ad- dition, it is important to educate your employees to not open suspicious e-mails. The HIPAA compliance Ransomware Factsheet is useful in helping to inform your staff and busi- ness associates on how to prevent malware infections (http:// www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf). Moreover, it is vital that your organization follows the prin- ciples of cybersecurity best practices: “least privileges,” “need- to-know,” and “cybersecurity is never done.” These principles, when executed correctly will mitigate the harm and costs as- sociated with cyber-attacks. “Least Privileges” and “Need-to-Know” is the practice of limiting rights and permissions to staff members based on what is essential to their job function. It is easy to compro- mise a network when a single user is granted too many rights. This can include ensuring that standard users do not have lo- cal admin privileges. Least Privileges and Need-to-Know pre- vents a compromise from causing excessive damage. The third principle, “Cybersecurity is Never Done,” ad- dresses the ever-evolving nature of cyber-attacks. Because cybersecurity is an ever-changing landscape it is important to continuously test your system and maintain a good security posture. A system that was secure five years ago may be out- dated and at risk today. This principle, Cybersecurity is Never Done, is especially challenging for dental offices and many small businesses. As technology ages, new vulnerabilities are found and usually patches are released, which must be con- sidered for maintaining security. ■ LIFARS helps businesses keep up with proper update manage- ment and patch holes, or replace vulnerable systems. LIFARS provides risk analysis, user and staff training, and cyber threat monitoring to help companies to continuously stay current with the changing landscape of cyber-attacks. For more information please visit www.lifars.com or call 212-222-7061.