Should Cyber Vigilantism become Legal?

That’s essentially what proponents of the Active Cyber Defense Certainty Act (ACDC) also known as the “hack back” bill believe should happen.

As discussed in a post on cpomagazine, bipartisan support for ACDC is growing within Congress and discussions are centering around how much latitude corporations should have when “hacking back” against their attackers.

Moving Beyond Active Defense

At present, an existing law the Computer Fraud and Abuse Act specifically spells out that companies cannot engage in any form of digital vigilantism if they feel they have been the victims of a cyber-attack. This includes even relatively passive activities such as the use of “beacons” to track and monitor the hackers who have broken into their systems. To a growing number of people this current law seems outdated in today’s world and akin to bringing a knife to a gun fight.

Empower and Level the Playing Field

What the advocates of ACDC propose is untying the hands of corporations. They hope that by allowing the use beacons and more corporations will facilitate the:

  • Tracking of criminal activity
  • Attribution of criminal activity
  • Monitoring of future activity and
  • Ultimately developing means to disrupt that activity.

Safeguards would accompany these increased hack back powers and include requiring the involvement of law enforcement and limiting the hack back initiatives to “qualified defenders”.

Questions and Concerns

As the saying goes “the road to hell is paved with good intentions” meaning it is often difficult to foresee the negative consequences of what appear to be positive actions. Many fear that ACDC may be one of these paving stones.

Here are some examples to consider

What would keep one competitor from “framing” another for an intrusion as a means to justify attacking them?

Who will be deemed a “qualified defender” and what would keep them from drumming up business by creating attacks themselves?

How will the victim know with absolute certainty that the identity of their attacker is correct and not a patsy created by the attacker?

What happens when a US corporation identifies the attacker as a hostile nation-state? Whose responsibility will it be to “hack back”?

Start your Active Defense Today with Konsultek

At Konsultek we build custom security solutions that detect, monitor and defend against outside attacks. While we can’t “hack back”, we can understand the attackers activities, adapt and improve defenses in real-time.

If your organization is not taking advantage of the latest security technologies or if you wonder just how robust your security is, we can help.

Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Cybersecurity is Top of Mind for Delta Airlines CEO

You would think that when asked “what keeps you up at night” the CEO of Delta, the world’s second largest airline might say something like fuel cost, reliability, safety or productivity. But surprisingly, that is not at all what Delta CEO Ed Bastian said when interviewed a few weeks back by Marketplace’s Kai Ryssdal.

The whole interview is interesting and Mr. Bastian is clearly the bright visionary you would hope would be at the helm of a global leader like Delta so the 5 minute interview is certainly worth the time.

Still, if you are pressed for time you can fast forward to 2:55 and hear the surprising answer.

Ed Bastian is Focused on Cybersecurity. Are You?
If you aren’t, can we politely suggest we talk? Over the past few years we’ve learned “C” levels are very concerned about cyber security and have found a common theme talking with business leadership in other industries as well. Many in business leadership don’t understand what their IT department is trying to say regarding new projects and what exactly is it doing for their organization. Here at Konsultek we live and breathe cybersecurity. We develop custom solutions for organizations of all sizes, across all markets, to address these concerns. We work with business leadership so there’s a clear understanding as to what needs to be done to achieve an acceptable risk level. As businesses become much more dependent on data to grow their customer bases, gain new markets, and increase profitability, the need for a solid cyber security foundation is more important now than ever. If you’re unsure as to whether or not your organization is vulnerable to cyber-threats we would be happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/. This assessment is designed to give business leadership a clear understanding and direction they need to grow their business.
The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Rush Joins List of Healthcare Providers with Significant Breach

Image Source: https://www.rushu.rush.edu/rush-experience/our-location

A few weeks back we wrote about Easton Hospital and the lawsuit surrounding their 2014 loss of 4.5 million patients’ personal data.

Monday it was reported that a breach of similar data has occurred at Rush University Medical Center. At an estimated 45,000 records the breach is 100 times smaller than that which occurred at Easton Hospital and that is not the only dramatic difference between the two.

Chinese Hacking vs. Improper Disclosure

In the case of the Easton Hospital breach forensics traced the breach to the malicious efforts of a Chinese hacking group. In the case of Rush, no “hacking” took place. Instead, according to an article on the Chicago Tribune  website, “At Rush, an employee of one of the hospital system’s billing processing vendors improperly disclosed a file to “an unauthorized party,” likely in May 2018, according to a letter sent to affected patients.”

Wall of Shame

The U.S. Department of Health and Human Services Office for Civil Rights breach portal euphemistically referred to as the “wall of shame” points out several interesting things about the state of data security in the healthcare industry.

  • Breaches on the Rise – As compared to the same period during 2018, 2019 is so far on a pace that is more than DOUBLE! (24 vs. 59)
  • Averaging About 1 Medical Related Breach a Day – In the 65 days of 2019 we’ve flipped past on the calendar so far this year there have already been 59 data breaches reported on the wall of shame.
  • Big Breach Small Breach – The number of records disclosed range from as few as 576 (Managed Health Services) to as many as 400,000 (Columbia Surgical Specialist of Spokane)
  • Mainly Attributed to Hacking – 36 of the 59 breaches are attributed to Hacking/IT Incidents with Unauthorized Disclosure (14) and Theft (9) accounting for the majority of the remaining breaches.

Even the Best Security Can be Compromised

At Konsultek we develop world class security solutions that prevent, detect and respond to attempts to breach networks. However, as the Rush breach and the 13 other cases of Unauthorized Disclosure highlight, even world class security solutions can be compromised by inadvertent/malicious activities of employees and sub-contractors.  Ultimately, Network Access Control has to be more than a digital solution. Training, procedures and other management controls must work in concert with IT’s security efforts in order to prevent human powered security incidents.

Forescout® Sets a New Standard for Endpoint Visibility

According to Gartner, by 2023, the average CIO will be responsible for more than three times the endpoints they manage in 2018.
IT say Hello to OT
One of the primary drivers behind this endpoint increase will be the expansion in the number of IoT and OT endpoints. The role of IT is evolving and the IT department, CIOs and CISOs are going to have to become more operational focused in order to effectively manage security in the ever more connected world of business.
Forescout Leading the Way
“We see that the vast majority of this growth is coming from IoT and OT, as well as public and private cloud instances, over traditional IT and corporate managed devices,” said Michael DeCesare, CEO and president, Forescout. “With our latest platform release, Forescout is the only vendor that can offer true device visibility and control across the extended enterprise from IT to OT and scale to two million devices regardless of physical, virtual, cloud or hybrid environments.”
Introducing Forescout 8.1

Forescout 8.1 is the first unified device visibility and control platform for IT and OT networks. Finally, you can have complete situational awareness of all devices on your network and more effectively orchestrate actions to mitigate cyber and operational risk.


Konsultek Knows Forescout
As one of Forescout’s premier partners Konsultek has been helping customers across all industries gain visibility into their endpoints and more effectively control network access for years. So, whether you are looking for a self-managed implementation or a complete hands-off managed security service, Konsultek has the engineering expertise and direct access to Forescout’s top experts to make your endpoint security goals a reality.

Survey Reveals Size Matters When Planning Security Spend

In mid-August 2018 Gartner published its prediction for an 8.7% increase in IT security spending in 2019. This week eSecurityPlanet.com released its State of IT Security Survey and revealed that when it comes to security spending in 2019, size matters.

Survey Says

Based on their survey, it will be the larger companies that will be primarily driving the 2019 increase in spend while smaller organizations will lag behind.

The vast majority of big spenders in the survey (69 percent) were mid-sized through very large organizations, and their spending lists are long.

By contrast, of the 46 percent of respondents who said their cybersecurity spending will remain flat or down slightly, 62 percent were from companies with fewer than 100 employees, and only a few were from very large companies.

Image Source: eSecurityPlanet.com

Where Will the Spend be Focused?

According to the survey respondents the majority of the spending will be on proven core security technologies -specifically NAC, web gateways and DLP. This is consistent with what we’re seeing at Konsultek and represents the bedrock of our expertise. Our holistic approach to security solutions is built upon weaving together offerings from leaders in each of these fields such as ForeScout, F5, Forcepoint and Checkpoint.

Are You Prepared?

About 64 percent of respondents said they conduct penetration testing at least annually, and 60 percent conduct threat hunting exercises at the same rate. Do you? Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Easton PA Hospital Getting Close to Settling Breach Lawsuit

Easton, PA is a small town in Pennsylvania’s beautiful Lehigh Valley with a population of just under 30,000. It is probably best known as the home of America’s beloved Crayola crayons.

Image Source: Google Maps

Targeted by Chinese Hackers

It wasn’t Crayola however that Chinese hackers were interested in back in August, 2014 when they executed a cyberattack on another Easton landmark, it was the local hospital. At the time, Easton Hospital was owned by CHS (Community Health Systems) of Franklin, TN. According to Easton Hospital and CHS thieves stole the personal data of some 4.5 million patients including names, birthdates, phone numbers and Social Security numbers.

Lawsuit Pending Approval

Today, nearly 5 years later a host of lawsuits have been consolidated into one larger suit that is about to be settled by a judge in Atlanta. If approved by the judge this August, qualifying victims would be eligible for two types of payments:

  1. Up to $250 for out-of-pocket expenses and documented time lost from the breach.
  2. Up to $5,000 for losses due to identify fraud or identity theft from the cyberattack.

Joining an Ever Growing List

ClassAction.com maintains a list of notable data breaches to which the Easton breach could potentially be added based upon its scope. Here is the list:

  • Anthem: $115 million
  • Target: $28.5 million ($18.5M for states, $10M for consumers)
  • Home Depot (affected 50 million cardholders): $19.5 million settlement
  • Sony (PlayStation network breach): $15 million
  • Ashley Madison: $12.8 million ($11.6M for consumers, $1.2M for states and the FTC)
  • Sony (employee information breach): $8 million
  • Stanford University Hospital and Clinics: $4.1 million
  • AvMed Inc.: $3.1 million
  • Vendini: $3 million
  • Schnuck Markets: $2.1 million

A Wakeup Call for All Healthcare Providers

This settlement should serve as a wakeup call for all healthcare providers. If only a quarter of the 4.5 million patients receive just the $250 payout the cost to the affected parties would be over $281 million dollars!

Healthcare providers by nature have access to the most sensitive personal data on the planet. You know that, I know that and the cybercriminal element knows that. Because of this we foresee a continued targeting of healthcare providers going forward. From simple information stealing to more elaborate ransomware attacks, healthcare providers need to make certain that their network security is as robust as possible.

How Konsultek Can Help

At Konsultek we eat, sleep and breathe security.

Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

 

Mortgage and Loan Data Leaked Twice

7 days ago Techcrunch revealed that independent security researcher Bob Diachenko had found 24 million financial and banking documents exposed to the world as a result of a server security flaw. Considering the type of data exposed – loan documents, sensitive financial and tax documents – this was a significant and very serious breach.

“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” Diachenko told TechCrunch. “This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”

The leaked documents were OCR (Optical Character Recognition) files and while the compromised server was immediately shut down once the security flaw was identified there is no telling how many cybercriminals might have already accessed the files.

Who’s at Fault?

After working through the various parties involved it appears that the source of the breach was the machine learning firm OpticsML. Which according to their website (now offline) “will automate the page indexing and data extraction process entirely. Different from traditional OCR companies, Optics Machine Learning trains computers to read and understand documents like a human, enabling an 80% reduction in labor needs alongside higher levels of accuracy so your analysts can focus on higher level tasks.”

Same Documents Released AGAIN!

In a surprising “you can’t make this stuff up” twist on this already monumental breach, the following day Dianchenko found the original loan documents on an “easy to guess” web address on an Amazon AWS server without so much as simple password protection! Considering that Amazon AWS storage servers have a default privacy setting of “private” it seems that someone either accidentally or consciously set the permissions to public.

While this may not end up being the largest data breach of 2019, with more than 11 months left in the year it surely has secured its place in the top 10 most significant breaches by virtue of the fact that the same information was exposed twice in two different formats on completely different storage networks.

Security On Your Mind?

At Konsultek we eat, sleep and breathe security. If you are interested in getting an outside, independent and unbiased analysis of your network’s security simply give us a call or click here https://konsultek.com/executive-risk-assessment/  First 20 that click thru get a complimentary Executive Risk Assessment. This assessment will not only show you risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.  Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

2018 HIMSS Cybersecurity Survey Findings

The 2018 HIMSS Cyber Security Survey has been released and it’s a “must read” for anyone in the healthcare security space.

Most Respondents Have Had a Significant Security Incident

An overwhelming 75% of survey respondents indicated that their organization had experienced a significant security incident in the past 12 months. It is unfortunate that the 2017 survey did not include this question for comparison purposes so it is impossible to tell whether the respondents would have indicated this is an increase or decrease over 2017.

Image Source: 2018 HIMSS Cybersecurity Survey

Phishing and Negligence are Top Threat Actors

37.6% of respondents identified “online scam artists” such as though behind phishing and spear phishing campaigns as the #1 threat actor in 2018. Next in line? “Negligent insiders” at 20.8%.  Negligent Insiders are defined as well-meaning but negligent individuals with trusted access that inadvertently may facilitate a breach.

E-mail Dominates as the Initial Point of Compromise

While this is no surprise given the #1 position of “online scam artists” cited above, the attribution of phishing emails as the starting point for 61.9% of all significant security events was higher than expected. This strongly suggests that in addition to robust network security detection and containment solutions healthcare providers should also be investing to create a culture of security through employee training.

More Resources Being Allocated to Cybersecurity

If there is a bright spot in the survey it is certainly that healthcare organizations as a whole (83.4%) are allocating more resources to cybersecurity. This is good news since 2018 saw cybercriminals increasing their focus on healthcare and other high profile industries that have deep pockets and a low threshold of pain.

The Cure for Your Cyber Security Pain

Konsultek knows healthcare security. Organizations both small and large trust their network security to our customized solutions and holistic approach. If you are experiencing the symptoms of a cybersecurity illness it may be time to schedule an appointment with one of our specialists.  From executive assessments to penetration testing we have the knowhow and experience to identify and cure what ails you.

Navy Responds to Cyber Breaches with Research Solicitation

Navy Responds to Cyber Breaches with Research Solicitation

Back in December we covered the Navy’s alarming revelation that significant cyber breaches had occurred over the prior 18 months.

 

Corrective Actions Already Underway

Last week NAVAIR updated their Resilient Cyber Warfare Capabilities for NAVAIR Weapon Systems solicitation. This solicitation, originally issued July 6, 2018 seeks research support technologies that are applicable to making the NAVAIR Weapon Systems more resilient to cyber-attack. It’s good to know that NAVAIR has already been making efforts to take corrective actions after the October 2018 GAO Study found that some of the most sophisticated weapons systems were vulnerable to relatively simplistic attacks.

3 Pillars of Interest

According to an article on fithdomain.com NAVAIR is planning to better protect its systems moving forward by improving its capabilities in 3 areas.

  1. Dynamic Reconfiguration – when a network makes “changes to router rules, access control lists, intrusion detection/prevention system parameters, and filter rules for firewalls and gateways.” – as defined by NIST.
  2. Deception Tactics – “Leveraging classical denial and deception techniques to understand the specifics of adversary attacks enables an organization to build an active, threat-based cyber defense,” – according to researchers at MITRE.
  3. Artificial Intelligence – “We see that the more we automate our networks and the more we use machines to do the heavy lifting, the better. Our brains do not have the intellectual capacity to process all of that information,” – Rear Adm. Danelle Barrett, Navy Cyber Security Division Director.

Mirrors Konsultek’s Approach

What does protecting NAVAIR weapons systems and protecting your network have in common? In both cases a dynamic, holistic approach to security is needed. At Konsultek our custom security solutions defend, detect and secure networks against attacks from all manner of threat vectors. When you’re ready to take the next step in advanced network protection, give us a call to learn more.

Is Automation the Key to Lower Incident Response Times?

This year’s SANS Endpoint Security Survey report is loaded with interesting statistics such as:

  • 42% of IT professionals acknowledged they had suffered a breach on their endpoints.
  • 20% said they did not know if they had been breached.
  • 82% of those that knew of a breach said it had involved a desktop.
  • 69% cited corporate laptops.
  • 42% cited employee-owned laptops.
  • 47% of antivirus capabilities detected threats.
  • 26% of breaches were detected by endpoint detection and response (EDR) capabilities.

It was this last response that was of particular interest, so we took a deeper dive.

Endpoints Up Response Times Down

One of the challenges facing security professionals is the seemingly ever expanding number of endpoints that need to be monitored. It’s akin to having an ever expanding fence line that needs to be patrolled and maintained by a rancher to prevent loss of livestock to predators.

 

Interestingly enough, despite the growth in endpoints this year’s report showed that incident response times are actually decreasing. One of the primary reasons for this is automated endpoint detections and response capabilities (EDR).

Are you Automated?

 

If you have purchased and fully implanted a next-gen EDR solution you can consider yourself and your organization firmly ahead of the curve.  As SANS Analyst and survey author Lee Neely states in the report:

 

“The diversity and quantity of endpoints in the modern enterprise are driving the need for more automation and predictive capabilities. While [organizations] are purchasing solutions to keep ahead of the emerging cyber threats, they appear to fall short on implementing the key purchased capabilities needed to protect and monitor the endpoint.”

In fact, to be more specific:

“Of the IT professionals that had acquired next-gen endpoint security solutions, 37% haven’t implemented their full capabilities”.

Let Konsultek Help You Automate

The SANS Incident Response Survey shows that the largest number of respondents had a “time to detect” between 6-24 hours, “time to contain” of 2-7 days and  finally a “time to remediate” of 2-7 days.  As security professionals looking to secure an ever more complex end-point “fence line” how do we accelerate the incident response time? The obvious answer is to use machine based automation.

Curious as to how that might work in your organization’s network? We’d be happy to explain! Just give us a call to discuss how a Konsultek custom security solution can take your organization to a whole new level of security.

 

© Copyright 2018 Konsultek