Understanding The NIST Cybersecurity Framework

During the past three decades, since the advent of the internet, our technological evolution has witnessed dramatic development. This shift has permanently altered the landscape of our communication, economies, and business operations. Across this changing environment, businesses have consistently encountered cybersecurity threats.

And in this past year, with the COVID-19 pandemic, these cybersecurity threats have morphed once again. Much of the global focus has been on the biological threat of the virus. Still, businesses around the world have also been exposed to a heightened cybersecurity threat.

Our technological advancements have allowed us to respond to the challenges of the pandemic in ways never seen. Communication, business, and individual interactions have been able to move to digital alternatives, foregoing many of the negative impacts of the pandemic. However, these same transitions online have also presented newly found threats to our cybersecurity. It is a reality many experts have identified as a “cyber pandemic.” The World Health Organization (WHO) reported a 500% increase in cyberattacks in late April 2020 alone. Cybercriminals have been able to exploit the extraordinary shifts of people and processes to online resources.

In short, the need to prepare for and respond to the advancing threats in the cyber world is pressing. Understanding the ongoing threats to your business has rarely been more critical. A step in the right direction is to better assess your business’s preparedness and ability to manage and reduce threats.

This article covers a vital resource for responding to cyber threats: the NIST Cybersecurity Framework and its role for your business.

What is the NIST Cybersecurity Framework?

NIST is an acronym for the National Institute of Standards and Technology. Developed at the US Department of Commerce, this framework was designed to help public and private organizations better assess, manage, and minimize the risk of cybersecurity threats—protecting data and networks. The framework is a set of guidelines that assist organizations in determining how their focus is best suited and where to invest in protection for cybersecurity. Ultimately, the NIST Cybersecurity Framework supports organizations in making proactive strategies to mitigate risk.

The purpose of the NIST framework

The US Congress passed the framework in 2014, and numerous organizations use it. Prominent corporations using the framework include Intel, Microsoft, and Boeing. Originally a US-based initiative, the NIST framework is also gradually being adopted by international organizations to address cybersecurity threats that remain a global issue.

Regardless of where it is applied, the framework has a few common goals in mind. For one, it is intended to provide an integration of industry standards and best practices that assist various types of organizations in managing the risks associated with cybersecurity. Secondly, the framework is intended to offer a common language to promote general understanding amongst staff members. Third, NIST strives to provide a guide on diminishing cyber risks. And lastly, the framework aims to provide education on responding, recovering, and learning from a wide array of cyber occurrences.

Primary functions

To achieve its intended purposes, the NIST Cybersecurity Framework sets out five primary functions that the developers identify as the Framework Core. Each of these functions is proposed to co-occur, and they represent an overall cycle for security efforts. The five primary functions are labeled: identify, protect, detect, respond, and recover.

Below are further explanations on each of the Framework Core’s areas of emphasis:

  • Identify: This first function of NIST is to take inventory of vital facets within an organization that could be at risk. Essential to this first step is recognizing current risks, existing digital assets, and critical roles within the organization. The primary function of this phase is to examine essential functions and management of sensitive information and capabilities, including risks to systems, assets, and data.
  • Protect: This second function is meant to define relevant safeguards for developing strategic structures. Following the identification phase, an organization can institute structures of priority to assign the correct efforts. Overall, the effort is to minimize any potential impact from a cybersecurity occurrence.
  • Detect: NIST’s third function is the implementation of monitoring protocols. An organization will monitor computers for unauthorized access, company devices, and active software. The detection phase also involves a deep dive into any suspicious activity on the network and ensuring the network is clear of unauthorized users or connections.
  • Respond: The fourth function of NIST is to implement response strategies once cyber concerns are detected. Organizations will want to develop various plans for the response phase. Methods may include notifying customers, employees, and others with data at risk. Further responses may involve contacting law enforcement or other authorities while investigating the attack and containing it. And any response should concern itself with maintaining business operations during the assessment and response to a security incident.
  • Recover: As an extension of the Response phase, organizations should develop a strategy for restoring compromised operational capacities or data. Critical to this recovery phase is implementing improvements that can occur because of the education and review that is made following a cyber incident.

The Cybersecurity Framework is also comprised of Implementation Tiers and a Framework Profile. Implementation Tiers represent the degree to which an organization’s security practices are exhibited in the Framework Core. And the Framework Profile represents Categories and Subcategories within the core functions of the Framework. For in-depth reading on the Framework, you can visit the NIST website.

Resources

The NIST Cybersecurity Framework has developed into a viable asset for numerous types and sizes of public and private organizations. However, it can be a complex system to understand or integrate into your operations.

Also, there are many factors to consider for the security and protection of your company’s data. Your organization must determine which security measures are best suited to its specific needs.

Network Coverage understands the reality and challenges facing today’s most vulnerable industries. This is why Network Coverage has assembled a set of technology and business solutions to support your organization in maneuvering through this complex and critical environment.

Set up a consultation with Network Coverage for experienced advice and support.

 





Security Measures You Need to Take When Using Remote Desktop

It seems there’s not a day that goes by that cybersecurity isn’t being threatened by the likes of criminals and other ill-intentioned folks. At such a pivotal moment, millions of workers everywhere are transitioning to remote work, many for the first time. Businesses worldwide are trying to develop solutions that are as affordable as possible while still generating the amount of work necessary to keep operations growing.

With so many new connections coming online, cybersecurity measures need to be as robust as ever. Since the beginning of the COVID-19 pandemic, Remote Desktop Protocol, or RDP, usage has dramatically increased. Curtis Dukes, CIS Executive Vice President & General Manager, Security Best Practices, said, “Remote environments have always been a desired target for attackers to conduct a cyber-attack, and COVID-19 has increased that attack surface.”

Minimizing RDP Vulnerabilities

The Center for Internet Security lists seven best practices that can help bolster security efforts and can be implemented at relatively low cost.

1. Place RDP-enabled systems behind a Remote Desktop Gateway (RDG) or virtual private network (VPN)

This shuts off access to the remote desktop environment through a second (and sometimes third) layer of protection. Consider implementing 2FA in conjunction with the RDG or VPN for an even more secure barrier to entry.

2. Update and patch software that uses RDP

This will ensure that any vulnerabilities are successfully patched. Your IT team should be able to handle mass updating, and if not, make sure that when an update is posted, it’s communicated to employees how important it is to update.

3. Limit access to RDP by internet protocol (IP) and port

Port 3389, anyone? Feeding off of point number one, you never want to have access to your remote desktop environment available to the outside world.

4. Use complex, unique passwords for RDP-enabled accounts

Longer and more complicated passwords are always harder for criminals to guess or attempt to brute force. Additionally, require that all passwords are changed fairly often. It’s also common practice that passwords cannot contain whole words. While remembering or writing down long passwords can be a pain for employees, recovering compromised company data is much more painful, guaranteed.

5. Implement a session lockout for RDP-enabled accounts

Session lockouts help prevent brute force attacks by disabling access after a certain number of failed login attempts. Be sure that access can only be restored by the IT team. When this event occurs, it’s a good idea to have them check the logs to see if an unknown IP was trying to gain access.

6. Disconnect idle RDP sessions

If a machine is infected, the criminal may not be so brazen as to immediately start attempting to attack or break in. A compromised system can be surveilled until the right moment for cybercriminals to launch an attack. Disconnect idle sessions after a specific duration of time so that the user is required to log in again.

7. Secure Remote Desktop Session Host

By utilizing the RD Connection Broker, companies can further protect the host from direct cyberattacks, whether they’ve penetrated security parameters through guest machines or other network interfaces.
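
The log check suggested under practice 5, combined with the source restriction from practices 1 and 3, can be sketched as follows. This is an added example, not code from the article or from CIS: the VPN address pool, lockout threshold, time window, account names and event records are constructed assumptions, while 4625/4624 and logon types 3 and 10 are the standard Windows Security log values for failed/successful logons and Network/RemoteInteractive sessions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for this example (not from the article):
ALLOWED_SOURCES = [ip_network("10.8.0.0/24")]  # hypothetical VPN / RD Gateway pool
LOCKOUT_THRESHOLD = 5                          # failed attempts before lockout
WINDOW = timedelta(minutes=15)                 # period in which failures are counted

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624    # Windows Security event IDs
# 10 = RemoteInteractive (RDP); 3 = Network, which is how RDP logon
# failures are commonly recorded when Network Level Authentication is on.
RDP_LOGON_TYPES = {3, 10}


def _ev(ts, event_id, logon_type, account, source_ip):
    """Build one record shaped like an exported Security log event."""
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "logon_type": logon_type, "account": account, "source_ip": source_ip}


# Constructed sample data: accounts, addresses and times are invented.
SAMPLE_EVENTS = (
    # Six failures in five minutes from an address outside the VPN pool.
    [_ev(f"2021-06-01T02:1{i}:00", 4625, 3, "svc-backup", "203.0.113.45") for i in range(6)]
    # Five failures spread over hours from inside the pool: below the threshold.
    + [_ev(f"2021-06-01T{9 + i:02d}:00:00", 4625, 3, "mlee", "10.8.0.20") for i in range(5)]
    + [
        _ev("2021-06-01T08:00:00", 4625, 3, "jsmith", "10.8.0.17"),
        _ev("2021-06-01T08:00:30", 4625, 3, "jsmith", "10.8.0.17"),
        _ev("2021-06-01T08:01:00", 4624, 10, "jsmith", "10.8.0.17"),
        # Successful RDP logon from outside the pool: highest priority to review.
        _ev("2021-06-01T03:30:00", 4624, 10, "adavis", "198.51.100.7"),
        # Console logon failure (type 2): not RDP, ignored by the review.
        _ev("2021-06-01T07:45:00", 4625, 2, "jsmith", "-"),
    ]
)


def is_allowed(source_ip):
    """True if the address parses and falls inside an allowed network."""
    try:
        addr = ip_address(source_ip)
    except ValueError:          # "-" or an empty field in the log record
        return False
    return any(addr in net for net in ALLOWED_SOURCES)


def hits_threshold(times):
    """True if LOCKOUT_THRESHOLD failures fall inside any WINDOW-long span."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > WINDOW:
            start += 1
        if end - start + 1 >= LOCKOUT_THRESHOLD:
            return True
    return False


def review_rdp_logons(events):
    """Summarise remote logon events for the IT team's post-lockout review."""
    unknown_sources = set()
    success_from_unknown = []
    failures = defaultdict(list)
    for ev in events:
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        outside = not is_allowed(ev["source_ip"])
        if outside:
            unknown_sources.add(ev["source_ip"])
        if ev["event_id"] == FAILED_LOGON:
            failures[ev["account"]].append(ev["time"])
        elif ev["event_id"] == SUCCESSFUL_LOGON and outside:
            success_from_unknown.append((ev["account"], ev["source_ip"]))
    return {
        "unknown_sources": sorted(unknown_sources),
        "lockout_candidates": sorted(a for a, t in failures.items() if hits_threshold(t)),
        "success_from_unknown": success_from_unknown,
    }


if __name__ == "__main__":
    for key, value in review_rdp_logons(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

A successful logon from outside the allowed range means the IP and port restriction is not actually in force and should be investigated before the lockout counts.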

Other Remote Desktop Security Measures

Two-Factor Authentication (2FA)

2FA creates an extra layer of security for online accounts beyond a standard username and password. You may already be familiar with 2FA in many daily-use applications, such as banking logins, gaming logins, and e-mail verification. This extra barrier to entry can help prevent unauthorized access to system critical functions and data should a cybercriminal infiltrate one of the many remote devices that will log in to your company’s infrastructure.

Remote Device Management

Assuming employees log in on company-provided computers, it’s a great idea to closely monitor what sort of activity is handled on these machines. Strict rules around the types of work that can be completed on these machines should be enforced. It only takes one of these computers to get compromised to bring down your entire work system.

Employee Training

The most significant deterrent to cyberattacks and digital theft is proper employee training that’s both recurring and tested. Conduct weekly safety meetings that help reinforce the importance of protecting company IT assets. Remind them that passwords will be changed every certain number of days and give them tools to help identify when an attack may be occurring.

Bolstering Your Remote Desktop Experience

Security is always important. Besides the tips on this list, be sure that any time a hardware change is completed, IT teams take the time to properly reconfigure it. There’s a story about a company that performed a firewall change; after the hardware was swapped out, the IT technician forgot to check a single box that was responsible for blocking remote desktop access through an external IP address. This one small oversight allowed a malicious payload to be injected through a local admin account, causing costly ramifications and locking their IT systems up for several days before they could be fixed.

With that in mind — always be safe, and contact us if you need any help with remote desktop security.





Why is it Important to Update Security Patches?

You most likely have come across the term ‘security patch’ in your computer or other electronic devices that get software updates pushed to them as they become available.

At first glance, that word may not sound like a big deal, and often users will click the button to do the update later. However, telling the device or software to update later is all it takes for a hacker to gain access to that device as well as the network it is on.





What is a Cybersecurity Audit & Why is it Important

Imagine for a moment that you’re building a new house. Once construction is complete, you notice that your sink leaks. You walk into your attic and realize there’s no insulation. Your basement is humid and mold is growing because proper dryer ventilation has failed. As you continue through the house, more problems and failure points are discovered.

Your house has failed its ‘stress test’. While we know this is a bit of an extreme example, the same thing could be happening to your network.

And while it won’t help to keep you warm at night, making sure that your entire cybersecurity platform is robust and thoroughly checked for vulnerabilities is crucial for both peace of mind and the safety of your data. The 2021 Verizon DBIR report shows that, in 2020, 73% of all cyberattacks were seeking out cloud assets.

But how can we safeguard our network against these types of weak points? Simple — we need to perform a cybersecurity audit.

What Is a Cybersecurity Audit?

A cybersecurity audit is a comprehensive review and thorough analysis of an IT infrastructure. The audit process is formulated to discover imminent threats and vulnerabilities while bringing visibility to existing weak points and risky behaviors.

While different companies will ultimately have different overall security needs, there are a few best practices that you can use when developing your security audit.

Revisit Your Company’s Data Policy

Security Scorecard, another security rating firm, states that companies should have an information security policy that lists out all of the pertinent details about how, when, and why a company handles data the way that they do. Within that policy, there should be clear and easy-to-understand details about:

Data Confidentiality – This says who has access to your different types of data and who it can and cannot be shared with.

Integrity – This is to understand how your security protocols maintain data accuracy. Additionally, this also lays out the framework your IT team uses to keep your data online in the event of a cyberattack.

Data Availability – This is for defining what conditions need to be met before any authorized users are allowed to access your different sets of data.

Your Cybersecurity Policies, Simplified and Centralized

During your audit, you want to paint the clearest picture possible regarding your data policies and compliance requirements. For example, if you’re auditing a hospital’s system, auditing with HIPAA compliance in mind will help to make sure your patient data is protected from all angles. Other factors to consider are:

Network Access Control – This is your visibility and control of your network. Security Scorecard recommends checking user access and segmentation.

Disaster Recovery and Continuity Plan – In the event of a cyberattack, what steps will you take to keep business operations online?

Requirements for Remote Workers – What software is your team allowed to use? What are the VPN protocols? Is their access to your company’s data full or partial and where is it located within the company?

Acceptable Use Policy – This details what data employees have access to and how they’re allowed to use it. Additionally, this is a great place to define any banned applications you don’t want on your network.

Compliance Requirements – We mentioned this twice due to its importance. HIPAA, PCI DSS, COPPA, and GDPR are amongst the most common compliance frameworks, with GDPR being primarily for Europe.

Details of Your Network Infrastructure

This is a great time to mention those new smart thermostats your company added last year since they’re also vulnerable to cyberattacks. You’ll want to have a thorough list of every piece of software and hardware that comes in contact with your system.

Pro Tip: It’s always best to have your IT team assist any electricians, HVAC technicians, or any other service personnel with any sort of smart equipment you may want to add to your business. This not only ensures a safer installation but is also another human-level safety measure to prevent unauthorized network access.

Shortlist Your Security Team

Your IT team is the lifeblood of your company. Without the computers running or the internet connection, a business will cease to function. At the same time, not every member of your IT team will be in charge of security due to seniority or education. Having the auditor interview your employees about current security measures will give a better understanding of the overall proficiency of your staff and identify any necessary learning opportunities.

Audits Are Designed to Help, Not Hurt

Performing audits on your network and cybersecurity protocols is a good thing. It helps to isolate problems that may have otherwise gone unnoticed. Assuming your audit goes well, pat yourself on the back and know that your money is being well spent and that your data is safer for it. If there are some shortcomings, use those audit results to fix the issues and develop an even stronger security plan for tomorrow.

 





Cyber Security with Cloud Computing: Is it Necessary?

If there’s one concept in the technology sector that’s often misunderstood, it’s the cloud. Once a hot and trendy new technology, cloud computing has become a daily staple in almost everyone’s life. From smartphone storage for our photos to multi-site data distribution, the power of cloud computing has never been greater or more convenient.

If you’re considering a cloud computing solution for your business, be it storage or otherwise, how do you plan on securing it? If cloud functionality is gained from assumedly secure off-premises infrastructure, is on-premises security really that big of a deal?

The Benefits of Cloud Computing

As more businesses transition various services to the cloud, security is of utmost importance. With the constant threat of security exploits and cyberattacks, the truth is, cloud computing is just as vulnerable as on-premises solutions without proper setup and protective measures.

However, there are many benefits to cloud security that shouldn’t be ignored.

Ease of Administration

Choosing the right cloud platform can help reduce your company’s overall administration efforts since any sort of changes made to resource allocation won’t affect the end-user experience. This is because resource pooling, no matter how distributed, is pushed seamlessly back to your company’s network. This includes changes needed for data storage, performance, and total bandwidth.

Lower Costs

One of the most economical facets of cloud computing is the reduction in investment for dedicated pieces of hardware. Since most if not all data is stored off-site, the need for entire on-site server rooms is eliminated. Likewise, it helps to spare the burden of hardware management for your IT team. This allows them to concentrate on the software side of your business without getting bogged down by hardware maintenance and troubleshooting. Plus, because cloud computing itself has many layers of security, IT team strain is reduced as the cloud computing system is proactively defending itself without the need for human input.

Dependability

While nothing is guaranteed in life, cloud computing has some inherent abilities that on-premises computing doesn’t. Assuming the proper security measures are in place, users will have access to any needed data at any time no matter their device or location.

Centralization

One of the best aspects of the cloud is the ability to have all data stored in one centrally-accessible point. This not only helps make it easy for your team to access data without having to bounce from multiple locations but also makes it easy to secure.

A growing concern amongst companies is shadow IT, which means the use of unauthorized SaaS applications by users on the network. With a centralized cloud platform, IT teams are better able to manage and eliminate unapproved uses like social media apps, music streaming services, and Excel macros. Additionally, web filtering and nuisance traffic detection are easier and more focused. This in turn helps to streamline security efforts, which ultimately results in faster and safer network performance.

The Security Risks of Cloud Computing

As you can see, there are quite a number of security benefits to cloud computing, not to mention the excellent quality of life features. There are, however, a number of major security risks with cloud computing that can compromise a business instantaneously without a dedicated recovery plan.

Centralized Failure

In 2019, Facebook went down for nearly 24 hours after a technical error shut down most of its apps, including Instagram, WhatsApp, and Messenger. They were attempting a server configuration change that resulted in a chain reaction of effects that couldn’t be remedied before it caused near-catastrophic failures. In a world where most users rely on all of these services, one misstep can mean the difference between smooth sailing and a technical monsoon.

Increased Malware Exposure

Studies show that an astounding 90% of organizations are likely to experience a data breach when moving to cloud computing solutions. One successful malware infection can put a company’s entire dataset into the hands of cybercriminals.

Compliance

In the healthcare world, any transmission of medical data must adhere to HIPAA. This ensures that all healthcare providers are taking the necessary steps to secure and protect the confidentiality of patient data. When we rely on a third party for storage, we’re taking a leap of faith in trusting that entity to maintain proper standards for data handling.

In the financial world, customer payment information is also required to adhere to PCI DSS, a set of guidelines used for processing, storing, and transmitting payment data securely. However, attackers can and will try to breach these security protocols for criminal gain.

Weighing the Risks

While there are many risks to cloud computing — especially against an ever-growing threat of criminals looking to access sensitive data — the pros still outweigh the cons in most cases. In a world that’s always connected, cloud computing continues to prevail as the most efficient way to store and distribute our data. A strong IT team, a thorough data recovery plan, and a standard set of best practices can help to mitigate these risks and pass on the enormous amount of benefits to your employees.









How to Avoid Becoming a Victim of Inadequate Firewall Protection

Having a good understanding of how attacks target firewalls that are not adequately secured will help stop your business from becoming a victim of malicious activity. Your network firewall is very similar to the front line of an army; it is the first part of your defense system that hackers will encounter and attack. Any oversight on your part regarding your network security firewall and its maintenance will give them an opportunity to attack and gain access to your business network.





Top Ransomware Viruses Attacking Businesses Today

Ransomware is one of the most virulent, persistent threats to individuals and enterprises around the globe. Businesses can spend years building up their reputation, including a commitment to the security of their customers, and yet have it torn down in seconds by one ransomware data breach. It’s not just small businesses or ones that don’t have a big budget for tech. From counties containing major cities, like Tillamook County in Oregon, to media law firm Grubman Shire Meiselas & Sacks and California-based Communications & Power Industries (CPI), even the largest enterprises and governments aren’t immune to ransomware.

Today we’re looking at the top five ransomware programs, dangerous and ever-evolving, of the year, and how you can protect your business from attack.

What Is Ransomware, Exactly?

You’re probably familiar with malware and phishing scams. Ransomware is pretty much what it sounds like – malicious software that demands a ransom. Cybercriminals can block entities, from individuals to global corporations, from accessing their own data by encrypting it with a key only they know. The hackers add extensions to the data to prevent you or your IT team from breaking the encryption, holding it hostage until you pay the demanded ransom. If you don’t, the data may be deleted, leaked, or sold.

Even more worrisome, ransomware may lie dormant in your system and may even be backed up with legitimate files. In these cases, the extortionist can demand a ransom for part of the data, have it paid, and then activate ransomware lurking elsewhere in your servers, shared drives, cloud, or individual computers.

Cybersecurity is like an endless game of cat-and-mouse, with security experts counteracting malicious software and building protective programs and the cybercriminals creating new iterations of the malicious software. Therefore, protecting your company against incursions is an ongoing, complex process.

The Monetary Effect of Ransomware

The financial impact of ransomware is estimated to double year over year, according to TechTarget. The average ransomware payment increased by over 40% in Q4 of 2020. To put that in dollars, payments increased from $154,108 to $220,298 in a three-month span.

Part of the reason for the notable increase in ransomware in 2020 is due to the increase in remote workers, especially since many companies and individuals weren’t equipped to handle the shift. Home users accessing company networks created the biggest vulnerability and thus the surge in cyber attacks. The cyber threat has evolved, and cybercriminals are getting more sophisticated – and more greedy. The current trend is to launch back-to-back attacks on ransomed companies or individuals.

Industries with the most risk for ransomware attacks are those in the BFSI verticals: banking, insurance, and financial services, plus IT, manufacturing (for proprietary information), and government.

The Five Most Dangerous Ransomware Attacks

Maze Ransomware

Maze is perhaps the best-known ransomware, discovered in May 2019 by Jerome Segura. It’s a global threat that was previously known as “Cha Cha” ransomware and uses exploit kits such as Spelevo and Fallout to deploy its attacks.

It takes an innovative approach, focusing on threats of publishing sensitive information if the ransom isn’t paid. It encrypts all files and threatens internet release. Individuals and companies don’t really have recourse, since information leaked by Maze has already damaged their reputation. Some companies that have fallen victim to Maze include Xerox, Canon, and Cognizant.

REvil Ransomware

This is a file-blocking virus that encrypts a victim’s files and then sends a ransom message. Failure to pay the ransom on time results in the demand being doubled. The REvil cohort actually started an auction site to sell stolen data, which means that companies won’t know who ends up with their sensitive information.

It’s been more infamous for targeting A-list celebrities and threatening to auction their personal information on the Dark Web through their network of auction sites. Some examples of REvil’s stolen data include computer files from Barbra Streisand, Bruce Springsteen, and Bette Midler, along with a legal document of Madonna’s tour contract. Other celebrities who were attacked include Drake, Elton John, and Mariah Carey. While the organization seems to have gone offline recently, it could be simply going quiet.

Ryuk Ransomware

Ryuk ransomware is arguably the biggest “player” in ransomware and certainly one of the most active. This software can access files on a system, files on a device, or even the entire system itself, using encryption until the ransom is paid. It uses TrickBot to infect the system, or software called Remote Desktop, to mirror a user’s device and thereby gain access to the system. Robust algorithms such as RSA and AES use a unique key for each victim and unique keys within the system.

Ryuk’s preferred targets are government agencies and larger companies who can pay large ransoms rather than individuals. EMCOR, a US-based Fortune 500 company, is one of the most notable victims, and the company suffered a loss of some of its IT systems.

Tycoon Ransomware

Tycoon is written in Javascript and targets both Linux and Windows systems, using a Trojanized version of the Java Runtime Environment and ImageJ, a Java image format, to disguise itself. It focuses on education and software industries, including SMBs. While it was more aggressive at the beginning of last year, it seems to have slowed.

It uses different techniques to remain hidden. First, it can deny an administrator access to the system and then follow up with an attack on file servers and the domain controller. It’s known for taking advantage of weak passwords or compromised ones, which makes remote workers or those who haven’t changed passwords often especially vulnerable.

NetWalker Ransomware

This is one of the newest ransomware threats. It’s also known as Mailto and targets various victims, from individuals to governments, healthcare organizations, and enterprises. It starts by encrypting all Windows devices connected to the network of its victims and uses an embedded configuration that includes file names, ransom notes, and several configuration operations.

NetWalker, also known as Mailto, is one of the newest variants of the ransomware family. Various remote working individuals, enterprises, government agencies, and healthcare organizations have reported being attacked by NetWalker last year.

NetWalker spreads in two ways. First, it uses Covid “phishing” emails that contain a VBS script. Then, the executable files spread throughout the recipient’s network.

How Can I Prevent Ransomware Attacks?

Fortunately, ransomware attacks are preventable. Organizations and individuals both can use many of the same tricks, including:

  • Be very careful when clicking links or attachments from unsolicited emails
  • Don’t download “cracked” software or software from unsecured websites
  • Back up all sensitive data and files in an offline data storage center
  • Update any plug-ins in your software regularly – these are especially vulnerable to cyber attacks
  • Use strong passwords, and avoid reusing passwords

In addition, government organizations and businesses should also focus on areas that may have exposure to ransomware. The owner or IT Director may wish to have an outside cybersecurity consulting firm analyze their network and security protocols, looking for outdated protection and noting any security risks. As a business owner, implement a company culture of security awareness, including limiting access to sensitive files and making employees aware of the danger of password-sharing.

Cyber-resilient company culture and a focus on best practices to prevent cyber attacks – not just from ransomware but other malware – can significantly reduce the risks for ransomware attacks.

Takeaway

The advice from many security companies is not to pay the ransom if you’re a victim. There may be recourse through a network of government agencies. However, the best way to avoid paying a ransom is to protect yourself, your company, and your clients against threats. Implementing stricter security protocols, as well as re-training your staff to embrace proactive measures, can be your best protection.





The Biggest Hacks & Data Breaches of 2021

More than 1,700 publicly reported data breaches occurred in the first half of 2021, exposing 18.8 billion pieces of information, according to a report issued by cybersecurity company Risk Based Security Inc. The effects of a cyberattack can ripple for years, leading to a wide range of costs. Companies face operational disruption, reputational damage, and regulatory fines, among other consequences. In a year where cyberattacks have become more damaging to organizations than ever, we’ve compiled a list of the biggest hacks and data breaches of 2021. Read on to learn more.

 

Microsoft Exchange Server Cyber Attack

 

Microsoft disclosed it was the victim of a cyberattack from a Chinese-linked hacking group known as Hafnium on March 2nd, 2021. The attack exploited a vulnerability in Microsoft Exchange—one of the most popular email software programs in the world—allowing hackers to steal data from an organization’s network, including intellectual property. One of the top cybersecurity events of the year, the attack impacted more than 30,000 organizations across the United States, including private companies, government agencies, and universities. U.S. intelligence officials believe that the data breach was part of China’s artificial intelligence ambitions, though China denies allegations that it carried out the attack. Microsoft has subsequently released “patches” for multiple versions of Exchange, urging customers to apply updates as soon as possible.

 

Automatic Funds Transfer Services Ransomware Attack

 

Seattle-based Automatic Funds Transfer Services, a payment service used by multiple state agencies across the United States, was the victim of a ransomware attack on February 3, 2021. The attack, which was carried out by a cybercriminal organization known as “Cuba,” raises questions about our government’s ability to protect the private data of its citizens. One of many agencies impacted by the data breach was the California Department of Motor Vehicles, which has said the attack may have compromised 38 million vehicle registration records that contain names, addresses, license plate numbers, and vehicle identification numbers. Other organizations impacted by the attack include the Washington cities of Kirkland, Lynnwood, Monroe, Redmond, Seattle, and Port of Everett, among other cities, agencies, and organizations. The cyberattack was discovered when hackers began selling Automatic Funds Transfer Services’ stolen data on their data leak website.

 

Facebook Data Breach

 

On April 3rd, 2021, hackers posted the personal data of over 533 million Facebook users online for free in a hacking forum. The data included phone numbers, full names, locations, email addresses, and biographical information that could be used to identify individuals from 106 different countries, with the United States, the United Kingdom, and India experiencing the highest numbers of exposed records. Although the data is from 2019, this year is the first time it was found to have been posted in an online database. While the leak did not include information such as credit card or social security numbers, security experts warn that hackers could use the data to impersonate people and commit fraud. Facebook released a help center page for users concerned that their data may have been published on sites used by hackers.

 

Scripps Health Ransomware Attack

 

On May 1, 2021, San Diego-based Scripps Health was the victim of a ransomware attack that forced the health system to take a portion of its network offline for several weeks, which significantly disrupted care and forced medical providers to use paper records. The cyberattack cost the five-hospital health system $112.7 million through the end of June. The hackers stole data on nearly 150,000 patients, including addresses, dates of birth, social security numbers, health insurance information, medical record numbers, patient account numbers, and clinical information. Scripps Health is now facing several class-action lawsuits from patients who blame health system leaders for failing to protect their medical data, subjecting patients to potential consequences including identity theft and medical fraud.

 

Colonial Pipeline Ransomware Attack

 

On May 7, 2021, ransom-seeking hackers broke into the Colonial Pipeline, one of the largest fuel pipeline operators in the United States, causing it to shut down its fuel distribution operations. The attack caused widespread shortages and price increases at gas stations along the east coast. It was the largest cyberattack on an oil infrastructure target in the history of the United States, according to energy experts. Colonial Pipeline made the decision to pay $4.4 million to the cybercriminal hacking group DarkSide, which is believed to be operating out of Russia, to contain the attack and turn the 5,500-mile pipeline back on. Authorities later recovered some of that ransom money. The Colonial Pipeline cyberattack exposed how readily critical infrastructure in the United States can be compromised because of inadequate security standards.

 

LinkedIn Data Breach

 

Data associated with 700 million LinkedIn users, or about 92% of the total LinkedIn user base, was posted for sale on the dark web on June 22, 2021. The data include email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn usernames and profile URLs, personal and professional experience, genders, and other social media accounts and usernames. It appears the data was scraped from LinkedIn by bots. According to LinkedIn, the data breach did not include passwords or financial information, but security experts say bad actors can use the personal data records in identity theft scams, or to conduct phishing attacks and targeted social engineering.

 

T-Mobile Data Breach

 

On August 17, 2021, mobile service provider T-Mobile, the third-largest wireless carrier in the United States, announced it had suffered a data breach that exposed the information of more than 40 million current, former, and prospective customers. Some of the stolen data included first and last names, social security numbers, driver’s licenses, and other information. A 21-year-old American hacker living in Turkey claims to be responsible for the cyberattack, saying the company’s weak security enabled him to gain access to the information. The breach was one of several attacks on the wireless company in recent years. T-Mobile is now facing a class-action lawsuit over the data breach.

 

Protect Your Organization From Security Threats

 

There are many factors to consider for the security and protection of your company’s data. An organization must determine what security measures will be optimally designed for your specific needs.

Network Coverage understands the reality and challenges facing today’s most vulnerable industries. This is why Network Coverage has assembled a set of technology and business solutions to support your organization in maneuvering through this complex and critical environment.

Set up a consultation with Network Coverage today for experienced advice and support.





Understanding NIST Compliance & Its Benefits

From small businesses to large corporations, cybersecurity remains a top priority. Security protocols are not the exclusive interest of government agencies or international companies. The risk to sensitive information and business interests has developed into a wide-reaching concern. For these reasons, the National Institute of Standards and Technology (NIST), a non-regulatory government agency, has developed various resources to support public and private organizations.

Although a US-based initiative, NIST guidelines have been adopted by organizations throughout the world. Notable organizations utilizing the direction of this agency include JP Morgan Chase, Microsoft, Intel, Bank of England, Telephone Corporation, and the Ontario Energy Board. One of the primary resources developed by NIST is the Cybersecurity Framework. As of 2020, it is projected that 50% of US organizations use the Framework to inform and guide their cybersecurity efforts.

According to NIST, “The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. It provides a common language that allows staff at all levels within an organization…to develop a shared understanding of their cybersecurity risks.” In addition to understanding risks, the Framework also supports organizations in reducing these risks through customizable measures.

Many businesses are exploring how to comply with NIST guidelines. They are also exploring what this means to their operations and security. In this article, we discuss an understanding of NIST compliance and its importance to businesses.

Summary of NIST Compliance

Compliance with the directions and infrastructure of NIST ensures that federal agencies also remain in compliance with various other federal regulations. As a result, it is endorsed by the US government, functioning as a standard for the highest level of cybersecurity.

Therefore, the high standards and broad reach of NIST guidelines have been adopted widely by businesses in the US and around the globe. Companies have developed an interest in complying with NIST standards because they represent security best practices applicable to a far-ranging set of industries.

The most widely recognized and adopted strategy is the NIST Cybersecurity Framework. These security guidelines are rooted in improving an organization’s ability to prevent, detect, and respond to diverse cyber threats. Each of these guidelines is customizable to the requirements of a company. The Framework is made up of three parts: Framework Core, Implementation Tiers, and Framework Profile.

The Framework Core is a set of co-occurring functions that a business can follow for its security infrastructure. It is comprised of five core functions: Identify, Protect, Detect, Respond, and Recover. Implementation Tiers provide a range of four tiers representing how well the Framework is exhibited in an organization’s cybersecurity risk management practices. And the Framework Profile is offered to assist organizations in determining their progress based on their specific requirements and needs.

Making NIST compliance work for your business

NIST offers numerous resources that can be applied flexibly to your business based on your specific requirements. The Cybersecurity Framework, NIST’s most widely used resource, is a set of guidelines that can be sifted to determine what works best for your business’s needs. You can use each function of the Framework or identify which parts are most ideal. For example, the third part of the Framework focuses on developing a target profile for your company.

These target profiles are comprised of categories and subcategories that can be applied based on your circumstances. In addition to establishing your goals using the Framework Profile, you can also work through the Framework Core. These Core measures are the active procedures your company can take to identify, detect, and respond to cybersecurity incidents.

The final function of the Framework Core is a measure to recover from these incidents. While your company is engaging these co-occurring functions, the Framework will also assist in identifying how well you are implementing the guidelines. The Implementation Tiers portion of the Framework will support your business in identifying where gaps in your efforts exist and how to install strategies to address the shortcomings. Beyond the Framework, NIST also offers further resources for your company to expand, which they have identified as NIST 800-53 or an ISO standard.

The Benefits of Complying with NIST

Ultimately, complying with NIST guidelines offers your business confidence against cybersecurity threats. You will be provided a way to identify and assess your risk, and you will gain clarity on how to respond and bounce back from incidents. The immediate benefits are protection against cyberattacks, malware, ransomware, and various other cyber threats.

However, your business can also avoid the severe costs associated with security risks. This may result from avoiding direct theft, or it may result from the time saved by eliminating the risk altogether. A business also stands to diminish the impact of lost or compromised data. Securing sensitive information is critical to the operations of a business, but it also maintains a favorable and trustworthy reputation with your customers. NIST compliance can also assist in thwarting the legal trouble that can be associated with cybersecurity incidents.

Compliance with NIST and the Cybersecurity Framework cannot offer complete assurance of security. They are guidelines for developing a sounder strategy. But the NIST resources are only one step. Companies still need to develop comprehensive cybersecurity programs involving constant web monitoring, security policies, and ongoing training for employees.

Resources

The NIST Cybersecurity Framework has developed into a viable asset for numerous types and sizes of public and private organizations. However, it can be a complex system to understand or integrate into your operations.
