Data protection. What does that really mean and why does it matter? You may have come across a multitude of headlines in the last few years referring to “cyber security” in some way, shape or form – whether it’s talking about hackers, foreign states hacking energy facilities, data leaks or some other disaster caused by a malicious threat actor reaching across the world to touch an unsecured network. It can be a lot to decipher what any of this means, but one thing is for certain – it affects you and your business directly.
Cyber attacks have risen sharply over the last decade, and the pace accelerated during the COVID-19 pandemic and the shift to remote work that followed. Every remote worker is another laptop, home router and remote-access connection that can become an unsecured path into your business network. That's bad for business, and it's only one attack vector.
Data protection is no longer a “nice-to-have” or a bottom-of-the-budget-priority line item. It’s required if you hope to survive the evolving threats facing every business today. Yes, every business.
Think you’re too small to be a target, or too big to fail? Here’s how a hacker might hit you when you least expect it, and why protecting your data with a real, live cybersecurity team is the only way to create a hedge of protection. We’ll break it down by some of the most vulnerable business and industry types.
Healthcare & Healthcare Finance
For an attacker, hospitals are a rich source of private data. Patient records are generally very complete, with social security numbers, home addresses, financial details, insurance data, family information, treatment history and more. If you run a Healthcare Finance operation, you hold all of that and more: you process transactions every day and exchange information with insurers constantly. There are multiple attack vectors here (an attack vector is simply a path an attacker can use to get in, such as a phished login, an exposed remote-access service or an unpatched server).
Hackers love to redirect funds into accounts they control. Without the right security protocols and team training, someone on your team may unwittingly hand a password or a piece of account information to a threat actor, typically through a phishing email or a phone call. With that access the attacker can read the correspondence about an upcoming payment and slip in altered wiring instructions, so the money lands in their account instead of the intended payee's. Both healthcare facilities and finance services are also vulnerable to malware and ransomware, which attackers use to encrypt your data and, increasingly, to steal a copy of it first, demanding payment before your files are unlocked and threatening to publish what was taken.
Often, HIPAA and SOC compliance gives healthcare and healthcare finance organizations a false sense of security. HIPAA is a regulation, and a SOC report is an auditor's attestation against controls the organization itself defines; neither is a certification that your network is secure. Both represent a bare minimum, and an attacker who has read the same requirements knows exactly what that minimum does and does not cover. Treat compliance as the floor, not the ceiling: working with a security organization that actually tests your controls, rather than only documenting them, is the only way to know your network is properly secured.
Financial Institutions face a wide gamut of attacks, from wire fraud and redirected payments to impersonation schemes, loan fraud, account hijacking, ransomware and more. The risk profile is similar to that of healthcare because of the volume of personal data these institutions hold: social security numbers, account numbers, investments, family data, property records, business data and more. That makes them a prime target both for direct financial extortion and theft and for stealing valuable data that can fuel further attacks or be sold on the dark net to anyone willing to pay.
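The payment-redirection and impersonation schemes described above usually begin with an email from a domain that merely resembles a real vendor's, followed by a request to change bank details. Below is an added example, written for this article and not code from the original, of the kind of check an accounts-payable workflow or mail filter can run before money moves: it normalizes the sender's domain to catch digit-for-letter and "rn"-for-"m" substitutions, compares it against the vendor list, and holds any request whose bank account differs from the one on file. The vendor names, domains and account numbers are constructed for the example.

```python
from difflib import SequenceMatcher
import unicodedata

# Constructed vendor list: the domains, names and account numbers are made up
# for this example and do not refer to real organizations.
VENDORS = {
    "acme-supply.com": {"name": "Acme Supply", "account": "111000111"},
    "northwind-parts.com": {"name": "Northwind Parts", "account": "222000222"},
}

HOLD = "hold for out-of-band verification"
PROCEED = "proceed"


def normalize(domain: str) -> str:
    """Fold common lookalike tricks down to a comparable form.

    Strips accents, maps look-alike digits to letters (0->o, 1->l, 3->e, 5->s)
    and collapses the classic 'rn'->'m' and 'vv'->'w' pairs.
    """
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    d = d.translate(str.maketrans("0135", "oles"))
    return d.replace("rn", "m").replace("vv", "w")


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].strip().lower()


def classify_sender(addr: str, threshold: float = 0.85) -> str:
    """Return 'known', 'lookalike:<vendor domain>' or 'unknown'."""
    dom = sender_domain(addr)
    if dom in VENDORS:
        return "known"
    n = normalize(dom)
    for known in VENDORS:
        kn = normalize(known)
        # Exact match after normalization, or a near miss such as a dropped letter.
        if n == kn or SequenceMatcher(None, n, kn).ratio() >= threshold:
            return f"lookalike:{known}"
    return "unknown"


def review_payment_request(addr: str, requested_account: str) -> tuple[str, list[str]]:
    """Decide whether a request to pay `requested_account` may proceed.

    Any sender anomaly or any change from the account on file puts the payment
    on hold for verification over a channel the email thread did not provide.
    """
    reasons: list[str] = []
    sender = classify_sender(addr)
    if sender.startswith("lookalike:"):
        vendor_domain = sender.split(":", 1)[1]
        reasons.append(f"sender domain resembles {vendor_domain}")
    else:
        vendor_domain = sender_domain(addr)
        if sender == "unknown":
            reasons.append("sender domain not on vendor list")

    on_file = VENDORS.get(vendor_domain, {}).get("account")
    if on_file is not None and requested_account != on_file:
        reasons.append("bank account differs from the one on file")

    return (HOLD if reasons else PROCEED), reasons


if __name__ == "__main__":
    for addr, acct in [
        ("ap@acme-supply.com", "111000111"),   # legitimate, unchanged
        ("ap@acme-supply.com", "999000999"),   # real vendor, new account
        ("ap@acme-supp1y.com", "999000999"),   # digit-for-letter lookalike
        ("ap@acrne-supply.com", "111000111"),  # rn-for-m lookalike
    ]:
        print(addr, acct, "->", review_payment_request(addr, acct))
```

The hold is the important part: a changed account number or a near-miss domain is never resolved by replying to the same email thread, because the attacker controls that thread. Verification goes to a phone number already on file with the vendor.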
Like healthcare, financial institutions are held to recurring audits and attestations, such as annual SOC 1 and SOC 2 reports. Again, these are minimum requirements for operational controls, not a comprehensive security program. Attackers know how to spot an organization that is only meeting the requirements, and they are skilled at defeating exactly those controls. Often the requirements are not updated fast enough to keep up with the evolution of attack techniques.
Private companies, both big and small, are particularly vulnerable to phishing, vishing, malware, ransomware, impersonation schemes and more. Whether there's $50 or $50 million to steal, there's a hacker somewhere willing to take it. Many private companies assume they couldn't possibly be a worthwhile target. Unfortunately, attackers have hit everyone from ice cream stands and shoe stores to large online retailers and distributors. PCI compliance, antivirus and firewalls don't cut it on their own when there are myriad creative methods attackers use to get past these defenses and reach your customer, vendor and financial data.
Attackers usually begin with reconnaissance, often called OSINT (open-source intelligence), which is the same method a security team uses to gather information about a target: company websites, job postings, social media, public records and leaked credential dumps. Once inside, they rarely act immediately. Breach investigations have repeatedly measured attacker dwell times from weeks to well over a hundred days, during which the intruder patiently maps your organizational structure, administrator accounts, data locations, backup locations, email addresses, passwords and other credentials. What looks like a sudden attack to you very likely began months beforehand.
Commercial Businesses, often private companies themselves, face the same risks. The threats are frequently more targeted because of the scale of operations in manufacturing, logistics, construction, energy, distribution and supply chain, and because downtime in these sectors is so costly. Their role as critical supports of national and global economic systems gives a ransomware group more leverage to extract payment.
You may have heard of some major, high-profile attacks in recent years, such as the SolarWinds supply-chain compromise, in which a trojanized software update was distributed to thousands of the vendor's customers; the mass exploitation of on-premises Microsoft Exchange servers; and the Colonial Pipeline ransomware attack, which halted fuel distribution along the U.S. East Coast. All three hit commercial businesses, and the victims included organizations central to national infrastructure and security. Intellectual property, employee data, financial information, business records and ransom payments were the ill-gotten prizes of these attacks. Your commercial business is at risk without a dedicated security team.
K-12 and Higher Education
Who would want to hack a bunch of schools? Nothing is outside the greedy clutches of a cyber criminal or organized cyber crime group. Schools, both K-12 and higher education, are ripe with data. Who would suspect an account opened with your fifth grader's social security number? A child's identity is attractive precisely because nobody is watching that credit file. Attackers use accounts like this as drop accounts before moving ransom cash offshore, and they'll age the account like cheese so that banking fraud controls and red flags don't pick up on it. There is also plenty of data to encrypt and extort, with attackers demanding a ransom before unlocking it or handing it back to the school's administration. Who wouldn't want to protect our kids? Hackers know this, and they use it to enrich themselves.
What To Do About It
Your first response might be to get an antivirus solution, change your passwords and hope for the best. Unfortunately this doesn't cut it on its own. Traditional antivirus matches files against known signatures, and attackers can recompile or repack a piece of malware in minutes so that its signature no longer matches anything in the database. Your healthcare or financial institution might think it's safe because it meets HIPAA and SOC requirements. In reality these standards do not secure you against an attack. They describe a baseline, and attackers study that baseline as closely as your IT department and auditors do, so they know which controls to expect and which gaps the standards leave open.
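To see why exact-match signatures are so easy to slip past, here is an added example (written for this article, not code from the original) that contrasts a hash-based blocklist with a rule keyed on what a file does. The "sample" is a constructed byte string, not real malware; the tell-tale command it carries, deleting volume shadow copies, is a common ransomware preparation step and appears here only as detection content.

```python
import hashlib
import re

# Constructed stand-in for a malicious file. The bytes are made up for this
# example; only the embedded command is realistic, as a detection target.
ORIGINAL_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"cmd.exe /c vssadmin delete shadows /all /quiet"
    + b"\x00" * 8 + b"PADDING-0001"
)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A hash-based "signature" list, the way a traditional antivirus database
# identifies a specific known-bad file.
HASH_BLOCKLIST = {sha256(ORIGINAL_SAMPLE)}


def hash_detect(data: bytes) -> bool:
    """Exact-match detection: fires only on a byte-identical sample."""
    return sha256(data) in HASH_BLOCKLIST


# A content rule keyed on what the sample does rather than on its exact bytes.
# Case-insensitive and tolerant of extra whitespace an attacker might insert.
SHADOW_DELETE_RULE = re.compile(rb"vssadmin\s+delete\s+shadows\s+/all", re.IGNORECASE)


def behavior_detect(data: bytes) -> bool:
    """Pattern detection: fires on any sample carrying the shadow-copy wipe."""
    return SHADOW_DELETE_RULE.search(data) is not None


def repack(data: bytes) -> bytes:
    """Simulate the attacker's trivial change: alter one padding field."""
    return data.replace(b"PADDING-0001", b"PADDING-0002")


def compare(sample: bytes) -> dict:
    """Run both detectors on a sample and report the outcome side by side."""
    return {
        "sha256": sha256(sample),
        "hash_detect": hash_detect(sample),
        "behavior_detect": behavior_detect(sample),
    }


if __name__ == "__main__":
    variants = [
        ("original", ORIGINAL_SAMPLE),
        ("repacked", repack(ORIGINAL_SAMPLE)),
        ("recased", ORIGINAL_SAMPLE.replace(b"vssadmin", b"VSSADMIN")),
    ]
    for label, sample in variants:
        print(label, compare(sample))
```

Change a single padding byte and the hash-based check goes silent while the content rule still fires. The content rule is not a silver bullet either: strings can be obfuscated or assembled at runtime, which is why behavioral monitoring and people who keep the rules current matter more than any one signature database.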
Larger private companies and commercial businesses typically add something called endpoint protection: software agents on laptops, servers and other devices that watch what programs do, block known-bad behavior and raise alerts, often paired with centralized monitoring and network controls. That is a real improvement, but on its own it still does not cut it. Endpoint protection, compliance standards, antivirus and password policies can all be bypassed by a determined individual or group, and the tools only help if someone is watching the alerts and acting on them.
So what is the answer? Nothing beats teaming up with a live, dedicated security team who are in the trenches daily, investigating what the bad guys are doing. A high-quality, experienced and devoted team of OSCPs (holders of the Offensive Security Certified Professional certification) is what you need, and the threat dictates that every business of every size now partner with a live team like this. These professionals are trained to defeat network security the same way cyber criminals do. They track the new tactics and tools criminals adopt daily. They test the ways an attacker might pivot through your environment undetected, and they use that knowledge and constant training to actively secure your network against the intelligent onslaught these criminals bring. They're the best hedge of protection available, so you can have peace of mind and get back to business.