Featured [r Blogs

When your critical data is under attack, you don’t have time to waste. Incident response helps you respond effectively, and understanding the lifecycle is vital to a powerful defense. Formulating an incident response plan can be the difference between a quick resolution and significant financial consequences for your business in the event of a cyberattack. While you can start with the Cybersecurity and Infrastructure Security Agency (CISA)’s quickstart guide to incident response plans, we’ve created a complete explanation below.

Incident response focuses on how organizations deal with data breaches. Cybersecurity incident response plans work to minimize damage to systems and data in the event of a cyber attack, data breach, or outage. Having an effective incident response program is crucial for any organization to recover with minimal disruption in the event of an incident. Learn more about incident response and how to create an incident response plan. What Is Incident Response?

It’s hard to believe, but the first quarter of 2023 is behind us and Spring is well sprung. There is an old saying when describing springtime: In like a lion, out like a lamb. I wonder if the same can be said for the state of ransomware in healthcare for 2023. At this year’s American Hospital Association (AHA) Rural Leadership meeting in San Antonio, I continually heard that a top concern from attendees is ransomware.

Vulnerability scanning vs penetration testing – equally important but often confused. We’re here to pull back the veil on these two valuable tools to help you understand whether your business needs one (or both) to keep your digital landscape secure. Keeping your organization safe from cyber attacks is a 24x7x365 responsibility. The wicked never rest. It requires every tool in the toolbox to keep evildoers from running off with your organization’s crown jewels.

When it comes to cybersecurity, it’s important to understand the tools, techniques, and thought processes of threat actors. Once adversaries have initial access to a network, lateral movement allows them to extend access and maintain persistence by compromising additional hosts in the network of their target organization. Threat actors can gather information about the company’s user activity and credentials, location of important data, and leverage methods for escalating privilege to successfully complete their attack, theft or espionage activities.

The case for implementing a Zero Trust strategy has never been greater. Cyberattacks are increasing in scale and severity with an attendant growth in sophistication. Most organizations agree: The post-pandemic world requires a paradigm shift in how we approach cybersecurity. In fact, in 2022, 72% percent of organizations were either in the process of adopting Zero Trust or had already adopted it.1 What is Zero Trust? At a high level, Zero Trust requires all users (inside or outside the network) to be continuously authenticated and authorized to gain network access.

Everyone knows cyber crime is increasing, boosting cybersecurity initiatives to the top of the corporate priority list. While 38 percent of Fortune 500 companies did not have a chief information security officer just three years ago, every single one does today. In addition, Gartner estimates that $188.3 billion dollars will be spent on information security and risk management products and services in 2023. A myriad of cybersecurity-related solutions have flooded the market in recent years in response.

On January 26, 2023, the Department of Justice (DOJ) announced that, following an extensive operation, the FBI were able to disrupt the Hive ransomware gang’s operations by distributing decryption keys to numerous victims mid-attack. It has been established that Hive’s victims included hospitals, U.S. K-12 schools, and other critical infrastructure entities. The question of “if” or “when” the victim of a ransomware attack should report and involve authorities comes up during every discussion involving healthcare incident response plans.

Managed Detection and Response is a managed security solution that provides organizations with an expansive suite of cyber security services, including threat monitoring and cybersecurity event analysis, to help ensure their environment is safe around the clock. MDR services can help improve security across an organization’s network and strengthen its infrastructure by leveraging the latest security technologies and experienced security professionals. Read on to learn more about what MDR services are and how they can help fortify cybersecurity across your organization.

Our world and work are powered by data. To make use of that data, each of us is reliant on technology, from the computers where we answer emails to the phones we keep in our pockets. However, as our reliance on (and the complexity of!) these systems and data increase, our risks grow with them. Confidentiality, integrity, and accessibility of data are essential to the success of a company, yet many firms simply do not have the resources necessary.

Today, businesses face more sophisticated cybersecurity threats than ever before. And security incidents don’t just affect the big businesses you hear about in the news. Every type of business is at risk: from professional services firms to healthcare providers. As attacks proliferate, many businesses are seeking the support of a Managed Security Service Provider (MSSP). These external security providers are responsible for maintaining the security of their clients’ systems and networks.

On 04 October 2022 CommonSpirit Health announced a cyberattack affecting its system of healthcare facilities. CommonSpirit Health operates more than 1,000 care sites and 140 hospitals in 21 states, including CHI (Catholic Health Initiatives) Health and MercyOne facilities in Iowa. CommonSpirit reported on their website that the attack affected their electronic medical record (EMR) and CHI Health and MercyOne have notified their patients that patient portals, electronic prescriptions, and scheduling have been affected, with some procedures delayed.

Earlier this year, [redacted] encountered a relatively new ransomware threat actor that called themselves BianLian. We observed the actor deploying custom malware that was written in the Go programming language, which posed some initial, but not insurmountable, reverse-engineering challenges. BianLian used subtle techniques to exploit, enumerate, and move laterally in victim networks to remain undetected and aggressively worked to counter Endpoint Detection & Response (EDR) protections during the encryption phase of their operations.