Posts

Cost of Cyber Attacks: One Company’s Worst-Case Scenario

Cyber attacks are becoming increasingly common, and cybercriminals see small to medium-sized businesses as prime targets. The devastating consequences of a cyber attack can be long-lasting and far-reaching, as demonstrated by the chilling story of Expeditors, a logistics company that fell victim to a ransomware attack in 2022 and discovered the true cost of cyber attacks.

[ez-toc]

cost of cyber attacks

The Immediate Effects of Expeditors’ Cyber Attack

The ransomware that hit Expeditors left their data and infrastructure at risk, forcing them to halt operations. The immediate effects of the attack were catastrophic, resulting in $47 million in lost revenue, overages, and payouts to customers. Additionally, the company spent $18 million on remediation and recovery efforts, further impacting its bottom line.

Ongoing Impacts: The 2023 iRobot Lawsuit

The fallout from the cyber attack didn’t end with the initial shutdown. In February 2022, Expeditors CIO Christopher J. McClincy said, “The cyber-attack limited our ability to arrange shipments or manage customs and distribution activities, or to perform certain accounting functions, for approximately three weeks after the attack.” Later in the statement, he added, “We continue to navigate residual effects.”

Then in 2023, the company was hit with a lawsuit from iRobot, one of their biggest customers. The lawsuit claims “Expeditors’ own inattentiveness and negligence exposed its systems to attack, and Expeditors lacked and/or failed to implement the necessary business continuity plan to ensure that it could continue providing services to iRobot.”

This legal action added to the ongoing financial impact faced by the company and reignited news stories about the attack—likely impacting the company’s reputation with potential clients, current clients, partners, investors, and other stakeholders.

What’s Your Risk Exposure?

The story of Expeditors should serve as a stark example of the increasing threat that cyber attacks pose to all businesses, but especially to small and mid-sized companies. According to a recent report, 47% of all U.S. businesses suffered some kind of cyber attack in 2022. At the same time, another report found that companies with less than 1,000 employees are three times as likely to be the target of a cyber attack as larger businesses like Expeditors.

Cybersecurity experts say that it’s not if a company will be a target, but when. In fact, a study of penetration testing results found that cybercriminals can penetrate 93 percent of company networks.

Invest in Proactive Measures

Small to medium-sized businesses are seen as easy targets by criminals since they often invest less in cybersecurity and lack security expertise. Cybercriminals understand this and take advantage of these weaknesses, using techniques like phishing, malware, ransomware, and other malicious tactics to gain access to sensitive data or disrupt operations. As a result, it is essential for businesses to invest in robust cybersecurity solutions that can help protect them from cyberattacks.

However, according to the Cyberspace Solarium Commission, many “cybersecurity budgets at U.S. organizations are increasing linearly or flat” when they should be growing in response to the exponential growth of cyber threats.

Best Practices to Mitigate the Risk from Cyber Attacks

Investing in multi-layered cybersecurity is the surest way to keep you and your company out of the headlines. By implementing cybersecurity solutions utilizing best practices, businesses can significantly reduce the likelihood and severity of a cyber incident.

Some key strategies include:

  1. Investing in robust security solutions: Deploying firewalls, real-time monitoring, and intrusion detection systems can help identify and prevent unauthorized access to your network and data.
  2. Regularly updating and patching systems: Keeping software and systems up to date ensures protection against known vulnerabilities, making it more difficult for cyber criminals to exploit your systems.
  3. Implementing strong access controls: Restricting access to sensitive data and systems through multi-factor authentication and the principle of least privilege minimizes the risk of unauthorized access.
  4. Educating employees on cybersecurity best practices: Regular training on topics such as recognizing phishing emails and creating strong passwords can reduce the risk of employees inadvertently compromising your network.
  5. Developing a comprehensive incident response plan: A well-defined incident response plan outlines the steps to be taken during a breach, including containing the incident, assessing the damage, and recovering from the attack.

By learning from the Expeditors case study and prioritizing cybersecurity, businesses can better protect themselves from the devastating consequences of cyber attacks and ensure long-term success. Protect your business from cyber threats with a comprehensive security risk assessment that can help identify any areas of vulnerability and provide guidance on best practices to shield your organization.

by
security vs compliance

Security vs. Compliance: Differences & Similarities (2023)

Security and compliance are often used interchangeably in IT, but that is actually a misnomer as they are not equivalent. So, just what are the differences between security vs. compliance?

[ez-toc]

security and compliance

Security Vs. Compliance

In understanding security vs. compliance, it’s important to recognize that they are both equally important but for varying reasons. Whereas security drivers are related to mitigating business risks, compliance drivers are regulatory or legal in nature. Compliance and security have similar objectives around managing risks and securing sensitive data and systems. However, they have different processes and workflows to accomplish these goals.

Compliance involves applying regulatory standards to meet contractual or third-party regulatory requirements.  In contrast, security constitutes the implementation of adequate technical controls to protect digital assets from cyber threats.

Still, again, they are similar but not equal. So why is the distinction between security and compliance important? It is significant because implementing one without the other could lead to devastating consequences for your company.

Cybersecurity

That’s the motivation behind implementing cybersecurity—the desire to protect the confidentiality, integrity, and availability of company assets through security controls and best practices.

IT security is unique to each organization—the measures set by one entity may be entirely different from those of another. Security focuses on comprehensively mitigating any risk that may threaten an organization’s data confidentiality, availability, and integrity—it relates to all the electronic and physical data of an organization and not just those covered by compliance.

We don’t walk around with our bank account or social security numbers on our foreheads—that would be reckless. Instead, we do our best to secure sensitive information from individuals who want to steal it because securing valuable data is a prudent action to reduce the associated risks of identity theft and drained bank accounts.

Cybersecurity acts the same way. Recognizing the risks, smart business leaders choose to secure assets to protect their business from harm and keep their business. The fallout from inadequately securing business assets can lead to loss of business revenue, costly lawsuits and settlements, theft of intellectual property and proprietary information, reputational loss, inability to operate, and business shutdown.

Related Content →  Evaluate your security readiness with our  Cybersecurity Checklist.

Compliance

The confusion between the two functions arises because the outcomes from implementing compliance measures often overlap with implementing security measures. However, the motivation behind organizational compliance is to ensure that obligations and requirements are satisfied to avoid negative consequences and ensure business viability.

These external compliance requirements and standards include a range of often intersecting and complicated networks of government, industry, financial, and even customer requirements. Cybersecurity is often a small part of a greater set of requirements. Examples include:

  • Self-regulatory organizations like PCI Security Council (PCI DSS) and Financial Industry Regulatory Authority (FINRA)
  • Governmental bodies like the U.S. Securities and Exchange Commission (SEC)
  • Government regulations, including Gramm-Leach-Bliley Act (GBLA), FTC Safeguard Rule, Sarbanes-Oxley (SOX)
  • Privacy standards, including HIPAA/HITECH, GDPR, CCPA
  • Technical Standards and Certifications, including ISO27001, SOC2
  • Control frameworks, including NIST CSF, CIS Critical Security Controls
  • Client SLAs
  • Due Diligence requests (DDQ)
  • And more depending on your industry and other factors.

Looking at the worst possible outcomes, the legal and financial ramifications of non-compliance with these and other standards would lead to your organization paying hefty fines and penalties, facing costly lawsuits, being blocked from working in certain locations and industries, not being able to take payments, loss of financing and investors, not being able to acquire insurance, and more.

Related Content → What is Governance, Risk, and Compliance?

Security vs. Compliance the Big Picture

The reality is that neither IT security nor compliance lives in a vacuum. Instead, they are complementary—symbiotic even. They successfully function from a mutually beneficial association that enhances and reinforces the benefits of each other. One without the other would be like trying to make water without oxygen or hydrogen.

Being compliant with a specific set of standards is not the same as having an effective and robust information security system. Compliance simply measures whether your security protocols meet a given set of one-size-fits-all security standards at a given point in time.

A robust security system makes it easier for an organization to meet compliance standards since most of the needed controls will already be in place. All that would remain to attain compliance would be documentation work and adherence to industry-specific policies.

It’s All About Managing Risk

The real question every business leader should be asking is how to leverage both security and compliance to reduce exposure and risk. Compliance establishes a comprehensive baseline for covering an organization’s overall posture. At the same time, security practices build on that baseline to ensure that the business is protected from every angle.

It’s all about risk. Or, more accurately, reducing risk. And security combined with compliance is the one-two punch every business needs to minimize risk and protect assets.

For companies of any size, Governance, Risk, and Compliance (GRC) is about aligning cyber and information technology with business objectives, while managing risk and meeting regulatory compliance requirements. Therefore, an effective GRC strategy is essential because it pulls together the complexity of various risk, compliance, and governance functions into a single strategy.

Successful companies address cyber risk in a business context. From that point of view, avoiding fines and data breaches are preferable. In establishing and implementing compliance and security, smart leaders treat them as a risk-management concern and not just an “IT problem.” Integrating your security and compliance teams into your risk assessment program will lead to mutually assured success.

Additionally, certain industries, like financial services and life sciences, have overlapping requirements originating from a variety of sources which can make fore a complicated matrix to follow. Working with an IT vendor who specializes in your particular industry is ideal to ensure compliance across all regulations.

Choosing the right security and compliance solutions is also critical. Operating with a “checkbox” approach to either compliance or security will lead your organization toward a rocky future. Instead, focus on developing and adhering to robust policies and choosing the right solutions based on your industry needs, risk assessment, and business goals to satisfy and streamline your compliance and security activities.

by
How to Avoid Increased Risk from Phishing Attacks

How to Avoid Increased Risk from Phishing Attacks After SVB Shutdown 

Reports of cybercriminals registering suspicious domains after the Silicon Valley Bank shutdown indicate potential coordinated campaigns to trick account holders and users across industries, including tech, life sciences, and investment firms. Learn how to avoid these phishing attacks.

[ez-toc]

 

What is a common indicator of a phishing attempt

 

Since the news about Silicon Valley Bank (SVB) dropped, much of the focus has been on how the shutdown happened and the implications for the industry and the economy at large. However, amidst the worry about the impacts lies another danger—the risk of increased cyber-attacks, particularly from phishing attempts and other social engineering. Of course, it is essential always to remain vigilant, but bad actors often take advantage of opportunities like this to ramp up their efforts.

A sudden change in business procedures can create a vulnerable window of opportunity for cybercriminals to launch malicious campaigns. As we’ve seen with other incidents, attackers have taken advantage of any vulnerabilities arising from the disruption to perpetrate attacks on other companies.

It has been reported that cybercriminals have been registering suspicious domains after the Silicon Valley Bank shutdown that can be used in coordinated campaigns to trick end-users into sharing sensitive information.

With this in mind, organizations must remain extra vigilant for phishing attempts and other social engineering tactics during times of uncertainty that cybercriminals can exploit.

How to Avoid Phishing Attacks?

Here are some tips to help your firm avoid phishing attacks:

  • Expect an increase in phishing, social engineering, and phone calls and email attempts to gain access to your data and accounts.
  • Attackers will use language to appeal to your emotions. For example, click this now, urgent, your money is running out, etc.
  • Finance teams must carefully verify and validate any account changes or new account requests.
  • Implement multifactor authentication if your organization does not already employ it.
  • Ensure that employees are aware of the increased risk and ensure they can recognize social engineering and phishing attempts.
  • Follow up with a regular training program for end-users to ensure employees are always ready to identify the latest tactics utilized by cyber attackers.

What is a common indicator of a phishing attempt?

  • Here are some of the usual signs of an email phishing attempt. Often phishing schemes will include several of these markers.
  • An email sent from an address that does not match the domain associated with the sender. For example, if you receive an email from someone claiming to be from SVB but with a different domain name in the “from” field, this should be a red flag.
  • Emails with misspelled words and grammatical or syntax errors could also signal a malicious attempt.
  • Emails that include links or attachments should be carefully scrutinized. It is always best to err on the side of caution and not click links or open attachments until you can confirm that they are from a trusted source.
  • Unsolicited emails that ask for or direct you to a link or document asking for personally identifying information (PII) like passwords, wire transfer details, login credentials, or other sensitive data should be treated with extreme caution.
  • Finally, if an email contains a sense of urgency, includes offers of immediate assistance, or requests payment now, this could be a sign of a phishing attempt. Again, be sure to take the time to independently verify the request before taking any action.

If you encounter any of these signs, it is best to flag the email and alert your IT department immediately. Taking precautions to protect yourself from phishing attempts is critical in safeguarding your company’s data.

Related Content: Why are Phishing Emails so Dangerous, and How Can You Spot Them?

It is essential to remain vigilant when there is heightened risk from cyber criminals taking advantage of a highly volatile situation like SVB’s recent closure. By following best practices such as implementing multifactor authentication, conducting end-user training, and relying on a multilayered cybersecurity program, you can protect your business from cyber criminals looking to take advantage of the uncertainty during this and the next inciting incident.

by
Lessons Learned from Data Breaches

Lessons from the Biggest Data Breaches in 2022

Data Breaches 2022 Humans tend to move on to the next big thing quickly, and with rapidly changing security and regulatory environments, CISOs are no different. We all face new challenges daily, but as we focus on the latest priority in front of us, we must also remember to look back and revisit previous events to ensure we’re practicing hard lessons learned.

Thousands of hacks and data breaches have been reported this year, with victims ranging from public and private companies to local governments and school districts. However, several breaches stand out to me, and now that the dust has settled on them, I think they warrant a deeper dive to uncover what lessons can be gleaned from them.

In this post, I’ll share the story of three data breaches and highlight the salient details you need to know to protect your organization in this age of cybercrime.

Three Significant Data Breaches in 2022

  1. The Okta Breach

Okta works with several partners to help manage its enterprise. Hackers targeted an employee of one of these partners, the Sitel Group, who had privileged access to provide customer service to Okta clients and data. That account was empowered to reset passwords and reset multifactor authentication.

The Sitel Group serves many more customers than Okta. To perform their jobs, support staff often need administrative privileges in their customer’s environment. The attack highlights the increased risk of outsourcing access to your organization’s internal environment.

  1. The Microsoft Breach

In March, Microsoft revealed that an employee account was compromised, which granted hackers “limited access” to Microsoft’s systems and allowed the theft of the company’s source code. Microsoft referenced the hackers’ use of “social engineering and identity-centric tactics” in a blog post detailing the breach. This attack illustrates why training employees about phishing and other social engineering tactics is so important.

  1. The Nvidia Breach

Nvidia, one of the world’s largest graphics processing unit (GPU) manufacturers, was breached in a cyberattack that resulted in the theft and release of over a terabyte of proprietary data and over 71,000 employee credentials. In a statement after the breach, an Nvidia spokesperson did not disclose how hackers were able to gain access, only referring to the attack as a “cybersecurity incident,” but a well-known hacking group quickly took credit for the attack.

What Do These Attacks Have in Common?

It is no coincidence that I am looking back at these three cyber events. The hacks were all claimed by a hacking group known as the Lapsus$ group. Lapsus$ claimed responsibility for the Okta breach, the Microsoft breach, and the breach of Nvidia, among other high-profile targets. The most surprising piece of information about that group is it’s allegedly run by a group of teenagers.

Lessons to be Learned from Teenagers?

The tactics used by the Lapsus$ group are wholly unsophisticated but have still proven time and time again to be effective. The good news is that because their tactics are easily thwarted, organizations have plenty of opportunities to avoid getting hacked by following best practices.

  • Lesson #1: Lapsus$ primarily relied on social engineering schemes to gain access to a target directly or seek access via an organization’s supply chain or service providers. The group claimed that its goal was financial and that it had no political agenda; however, its chaotic approach caused just as destruction in its pursuit of exploiting data.
  • Lesson #2: The Lapsus$ group’s attacks should be a reminder that even the most robust cyber defenses can be circumvented if attackers exploit weak links in the chain. These weak links can be found in both the technical and human domains, but the likeliest way for hackers to gain access is via end-users. As a result, organizations need to be vigilant in educating employees about cyber threats and how to identify and avoid them.
  • Lesson #3: Third-party risk management is also critical in protecting against the type of supply chain attack used against Okta. Companies need to vet their service providers and have security protocols in place to prevent attackers from exploiting these relationships to gain access to sensitive data.

Related Content →  What’s a Supply Chain Attack? Watch the video to learn more.

  • Lesson #4: Additionally, the Lapsus$ group’s attacks show that even small groups of relatively primitive attackers can cause much damage. This fact should be a reminder that organizations must be prepared for all threats, not just those from well-funded and well-developed cybercriminals.

It is important to remember that breaches can and will happen, whether perpetrated by Lapsus$ or other sources, and your company’s response can make all the difference in whether it will survive unscathed. The risk of lost revenue, fines and penalties, and reputational damage require that your company set and follow disaster response and recovery plans.

Reduce Your Risk from Data Breaches?

There are a variety of actions your firm can take to reduce your risk of being hacked, but here are a few key points to keep in mind:

  • Employ multifactor authentication.
  • Review all critical users’ access levels.
  • Perform due diligence for service providers and third-party vendors.
  • Conduct tabletop exercises to identify possible gaps in controls and training. For example, if an internal employee shared their credentials with an attacker, how could you tell?
  • Take care of your employees. Disgruntled employees are more susceptible to bribes.

Data Breaches 2022

Related Content →  Evaluate your security readiness with our  Cybersecurity Checklist.

Next Steps

Lapsus$’s attacks are a reminder that cyber defenses can be circumvented if attackers can exploit the weakest links in the chain. The best defense is to employ a multilayered cybersecurity solution that includes end-user training, comprehensive security policies and protocols, incident response planning, regular security audits, and more.

In today’s digital world, data is the new currency. And like any other type of currency, it needs to be protected from those who would exploit it. Unfortunately, the Lapsus$ group is just one example of the many cyber criminals out there looking to profit from the data of others.

Whether you work with an internal team or outsource your IT functions, employing robust cybersecurity solutions and regularly reviewing them against your risk profile is critical. Reach out to our security professionals for help evaluating your cybersecurity program to find gaps and areas that need improvement. Implementing security controls is not “set it and forget it” but must routinely be assessed to match the needs of your business and the external challenges of today’s cyber landscape.

JasonAbout Jason

Jason Martino is passionate about the intersection of security and compliance. He is responsible for Coretelligent’s internal cybersecurity programs, governance, risk, compliance activities, and educating staff and customers on an ever-evolving threat landscape.

by
life science cybersecurity

Understanding Common Vulnerabilities Facing Life Sciences

As the life sciences industry evolves, so do the cybersecurity threats it faces. Cybercrime has risen dramatically in recent years, and life science organizations are increasingly the target of these cyber threats. Access to personal information and sensitive, proprietary business information make the life science industry an attractive option for cybercriminals.

However, being aware of critical vulnerabilities can help keep your organization a step ahead of those looking to exploit them. Below are some of the most common vulnerabilities facing the life sciences industry today.

Keeping Pace with Growth:

Life sciences organizations often undergo rapid growth as they transition from the investigational stage to market launch. As the company grows, so do opportunities for cyber threats that target employees due to the increased staff size needed to meet the growing company’s needs. A critical vulnerability comes when companies are unprepared to scale up their cybersecurity, compliance, and IT plans to match their growth. Establishing an IT roadmap can help minimize vulnerabilities associated with rapid growth.

Maintaining Compliance:

The high level of regulation in the life science industry can make maintaining compliance difficult. There are compliance rules and regulations on storing the organization’s data and the secure transference of said data to outside entities if needed. However, in many cases, simply maintaining compliance isn’t enough, as the regulations are frequently evolving to further protect personal data, preserve patient safety, and maintain a considerable level of transparency. Due to this evolution, life sciences organizations must be ready to pivot quickly to maintain overall compliance.

Protecting Intellectual Property:

Intellectual property (IP) is invaluable to a life science organization. A cybersecurity breach that leads to the theft of IP can be detrimental to the organization’s market value and competitive stance. Reliance on external contractors and partners, who often have access to sensitive networks that house intellectual property, poses a significant potential vulnerability—especially for smaller partner organizations that may not have robust cybersecurity defenses and processes.

Business Continuity:

Events of recent years have served as a wake-up call for organizations in life sciences to re-evaluate business continuity plans. Is your organization prepared for the next major catastrophe it will face? Risks are particularly acute for the life sciences industries due to the nature of the data housed within them. Being caught unaware or unprepared can expose vulnerabilities that cybercriminals can take advantage of. While it isn’t always possible to anticipate future events that could threaten normal business functions, it is possible to create a plan preemptively to minimize the impact of these events and continue serving customers.

With a solid background in supporting life science organizations at all stages of growth, the experts at Coretelligent have the knowledge and experience required to address any needs you may have. Our team of technical and business professionals will support each stage of your journey from inception to IPO, ensuring that you have the solutions and support needed to fuel your growth. Contact us today at 855-841-5888 or fill out our online form.

 

by
Financial Services Vulnerabilities

Identifying Common Financial Services Vulnerabilities

Financial services institutions have long been a top target for cyber threats. Access to a large amount of sensitive and confidential information makes the financial sector a target-rich environment for cyberattacks. In addition to mitigating cybersecurity threats, financial firms must also prioritize maintaining and strengthening compliance. These balance of these two priorities presents a unique set of challenges for companies in financial services.

With the inherent diversity of the financial services sector and the shifting cybersecurity and compliance landscape, identifying a one-size-fits-all set of vulnerabilities for all financial services institutions is impossible. However, there are common vulnerabilities to be aware of.

  • Reactively Evaluating Current Cybersecurity Posture:

    Institutions cannot address cybersecurity and compliance vulnerabilities of which they are unaware. Moreover, leaving these vulnerabilities unaddressed can have costly consequences. If unaddressed until an incident occurs, institutions have no choice but to utilize a reactive approach that can leave the business facing outages and shaken customer confidence. Instead, financial service firms should consider taking a proactive approach. By utilizing Coretelligent’s Cybersecurity Evaluation Checklist designed for financial services as a jumping-off point, financial service firms can do an initial assessment of existing vulnerabilities to discuss with a managed service provider (MSP).

  • Ransomware Attacks:

    As the world continues to become more digitally integrated, opportunities for ransomware attacks grow exponentially. In a ransomware attack, attackers use malware to gain access to your organization’s systems or data and hold that data until a ransom is paid by the organization. The results of these attacks are devastating. In addition to the price of the ransom, there are legal fees and other costs associated with damage control, as well as potential loss of data.

  • Access Vulnerability:

    Flaws in various levels of access to information can leave sensitive data exposed and vulnerable for attackers. Cybersecurity integration is key across all divisions and at all levels of access in an organization. Cybercriminals will seek to exploit any weaknesses identified at any level, regardless of the internal structure of the business.

  • Managing Compliance:

    The evolution of information technology has increased the compliance burden on the financial services industry. Financial service organizations are amongst the most regulated business segments in the U.S. However, simply maintaining compliance may no longer be enough. Instead, actively managing compliance risk and strengthening compliance overall is key in earning customer confidence and avoiding costly penalties.

  • Business Continuity:

    What comes next if the worst happens and a cyberattack hits your company? Is your data backed up safely? How quickly would you be able to restore access to users? A proactive and dynamic backup and disaster recovery solution is critical for preventing business interruption and loss of essential data, which could trigger a compliance violation. Off-the-shelf, onsite backup solutions often do not provide the level of performance required to meet the needs of financial and investment organizations. It is vital to establish a solution before an outage to ensure timely recovery and minimize interruption time for clients.

Addressing security and compliance vulnerabilities may seem challenging, but Coretelligent can help. Working with Coretelligent means working with an IT partner who understands both the security and compliance needs of the financial services sector. Contact us today at 855-841-5888 or fill out our online form.

by