Cyber Threats, Ransomware & Related Risks
Date: 14.04.2018 | Size: 494 b. | #38354
Cyber Threats, Ransomware & Related Risks; Common IT Exposures; Best Practices; Collaborating with the CIO; The Internet of Things (IoT)
Reveton & variants (2012-2014); CryptoLocker (2013); CryptoLocker.F & TorrentLocker (2014); CryptoWall (2014); CryptoWall 3.0 & 4.0 (2014-2015); TeslaCrypt, 2.0, 3.0 (2014-2015); VaultCrypt (2015)
2016: The Year of Online Extortion – 10 new ransomware families monthly. Jigsaw (April 2016); Locky & Goliath variant & TrueCrypter (May 2016); Stampado (July 2016); CryptXXX (July 2016); Variants cuteRansomware (July 2016); CTB Faker, Alfa & Ranscam (July 2016); Pokemon Go Ransomware (Aug 2016); Venus Locker (Aug 2016)
Feb: Hollywood Presbyterian Hospital in CA; Mar: Medstar Georgetown University Hospitals in MD/DC (10/250); Mar: Methodist Hospital in KY; Mar: Prime Healthcare Management in Chino and Victorville, CA (2); Mar: Norfolk General Hospital in Ontario; May: DeKalb Health in IN
Readily accessible remotely; Weak or gapped security protections & compliance; Culture that emphasizes speed & ease of use/access vs. safety; Limited security awareness
Weak, unprotected or re-used passwords (e.g., LinkedIn); Social engineering hacks via phone or in-person/on-premise; Physical security breaches; High risk websites with “drive by” AKA “no click” ads
BYOD or lost/stolen endpoint devices; Unencrypted or insecure USBs, CDs; Non-sanctioned “Rogue Clouds” e.g., Google Drive, DropBox, etc.; Public Wi-Fi; Non-secure corporate, e-commerce or patient portal sites
Unpatched server & application vulnerabilities; Mis-used domain administrator accounts; Weak East-West firewalling within corp network – VLANs, vShield; Unencrypted data at rest – SEDs, BitLocker; Data replication & back-up gaps; Untested or out of date BCDR plans
Internet content filtering, ad blockers – OpenDNS, Websense, Ghostery; Implement Next Gen Firewalls with SSL Decryption – Palo Alto; Outsource 24x7x365 network traffic monitoring – Dell SecureWorks; Implement data loss prevention solution – Symantec, McAfee, Splunk; Use a secure password manager – LastPass; Mobile device management solution – MobileIron, AirWatch
Devise effective security awareness training programs; 16 Character passwords using passphrases (e.g., IT’s0n1ym0n3y!); Conduct social engineering tests via phone and at facilities; Implement Dual factor authentication for user logins/access – Duo; Secure file sharing service such as Box; Secure messaging service such as NetSfere
Threats: Denial-of-Service; Patient Data Theft; Therapy Manipulation