ChatGPT, Tabletop Exercises, and Lessons Learned From an Attack: May Cyber News Bytes

Is ChatGPT a Cybercriminal’s New Secret Weapon?

Have you heard about ChatGPT? The new Artificial Intelligence (AI) tool that’s sweeping the nation has surged in popularity as both a fun source of information and a tool for increased productivity. Unfortunately, it’s also being utilized by cybercriminals. Phishing emails have always been known for their spelling mistakes, run-on sentences and grammatical errors. With ChatGPT, threat actors now have the ability to make their emails more sophisticated. Since the start of 2023, there has been a hike in email and text scams. Darktrace Chief Product Officer Max Heinemeyer noted that across the company’s more than 3,000 customers, it has detected a 135% increase in malicious cyber campaigns via email. The most dangerous phishing emails are bespoke, well-crafted and tailored to the recipient. In addition, the Federal Trade Commission (FTC) warns that cybercriminals are already using voice cloning to try to trick family members of a target into wiring cash for bail or other emergency legal fees.

Tabletop Exercises a Crucial Cybersecurity Tool

Conducting tabletop exercises can be a tremendous help for an organization looking to be better prepared for cyberattacks. Colonial Pipeline Director of Corporate Insurance Carey Almond recently shared some recommendations on the importance of cross-functional discussions to identify the organization’s major risks. Almond noted that running drills in preparation for an attack helps ensure that divisions are on the same page in responding to a cyber event. From an insurance perspective, the exercise should also identify whether the cyber insurance coverage has vendor usage requirements and which initial points of contact are needed.

Lesson Learned from Dragos

As we’ve covered repeatedly over the years, we can all learn critical lessons from our peers who have been in the unfortunate position of having to respond to a cyber event. Understanding the factors that led to the incident, the response following discovery and the remediation that ultimately ensued can help an organization consider ways to improve its own cybersecurity defense and elevate its incident response preparedness. Firmly believing in the “it takes a village” mindset, Dragos, a cybersecurity firm based out of Hanover, Maryland, shared details of a failed cyberattack it recently experienced. The piece goes on to summarize the attack point, the attackers’ movement and the internal security measures that mitigated damage, and concludes with recommendations for others to consider.

New Report Shows Healthcare Has Room for Cybersecurity Improvement

In partnership with the American Healthcare Association (AHA), KLAS Research conducted a study assessing the current state of cybersecurity in healthcare. The study, which surveyed 48 organizations across the country of varying size and scope, measured the participants’ alignment with both NIST and HICP frameworks. Additional questions were posed to provide insight into where healthcare entities are investing in cybersecurity and the level of control given.
