Each month, RCM&D’s Cyber Practice highlights key issues in the world of cybersecurity. In this month’s edition of Cyber News Bytes, we discuss possible government collaboration, recent data breaches and more.
ALERT: Guidance for Microsoft Patch Following Recent Hack
A matter involving a significant number of Microsoft customers is unfolding. This article from Reuters points towards guidance to implement Microsoft’s emergency patches and encourages individuals to continue monitoring updates to this guidance moving forward.
Congress Addresses Private Sector Sharing Data Breach Info with Government
As the chain reaction to the increased volume and severity of Cyber threats continues to drive drastic changes in the Cyber insurance market, it is natural to ask what can be done to ease these market-hardening conditions. As we’ve noted in previous newsletters, the insurance market’s heightened focus on an insured’s key controls is a step forward. The question remains, however: what more can be done?
An article from Ride The Lightning dives deep into the question of what could be next. Could private sector and government collaboration facilitate information sharing amongst breached organizations and ultimately mitigate the rise in Cyber activity?
Healthcare System Cybersecurity – Readiness & Response Considerations
Cyber claims activity rose dramatically in 2020. Healthcare was one of the industries most impacted by this rise, with a 55% jump in data breaches from 2019 to 2020, according to a report from Bitglass. These alarming trends emphasize the importance of the resources recently released by HHS and NSA on Cyber preparedness, response and recovery.
Large-Scale Kia Data Breach?
Kia Motors allegedly suffered a ransomware attack by the DoppelPaymer gang. According to various news reports, the bad actors demanded $20 million for a decrypter key and for not releasing the stolen data. Costs resulting from a ransomware attack include not only ransom payments, but also costs associated with business interruption, data restoration, forensics and possible breach notification. Often, these attacks begin after an employee clicks on a phishing email. An article from Security Magazine goes into detail about the alleged attack and highlights several controls to lessen the likelihood of a ransomware attack, including:
- Refrain from interacting with unverified or suspicious emails.
- Back up important files using the 3-2-1 method: keep at least three copies of your data, on two different media, with one copy offsite.
- Ensure applications and software are updated with the latest security protections.
Other important controls include multifactor authentication, employee training, disabling or protecting Remote Desktop Protocol (RDP), and endpoint detection and response.
Jones Day Suffers Data Breach; Another Victim of the Accellion Hack
Jones Day, the tenth-largest law firm in the United States, suffered a data breach resulting from the Accellion data breach. Accellion is a third-party vendor providing file transfer and other services to many law firms. Accellion’s file transfer appliance, a product near its end-of-life phase, was the target of the attack. This breach is a good example of the importance of evaluating controls and negotiating terms with third-party vendors. An Interactive Security article identifies some of the pertinent items to consider in a vendor management program.
Questions?
RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.