vulnerabilities

Don’t Skip It! Why You Shouldn’t Skip Regular Vulnerability Assessments For Your Company

June 18, 2024

Cyber threats are a perpetual reality for business owners. Hackers are constantly innovating. They devise new ways to exploit vulnerabilities in computer systems and networks.

For businesses of all sizes, a proactive approach to cybersecurity is essential. One of the most crucial elements of this approach is regular vulnerability assessments. A vulnerability assessment is a systematic process that identifies and prioritizes weaknesses in your IT infrastructure.

Some businesses may be tempted to forego vulnerability assessments. They might think it’s too costly or inconvenient. Small business leaders may also feel it’s just for the “big companies.” But vulnerability assessments are for everyone.

Why vulnerability assessments matter

The internet has become a minefield for businesses. Cybercriminals are constantly on the lookout for vulnerabilities to exploit. Once they do, they typically aim for one or more of the following:

Gain unauthorized access to sensitive data
Deploy ransomware attacks
Disrupt critical operations

Here’s why vulnerability assessments are crucial in this ever-evolving threat landscape:

Unseen Weaknesses: Many vulnerabilities remain hidden within complex IT environments.
Evolving Threats: Experts discover new vulnerabilities all the time. Regular assessments ensure your systems are up to date.
Compliance Requirements: Many industries have regulations mandating regular vulnerability assessments.
Proactive Approach vs. Reactive Response: Identifying vulnerabilities proactively allows for timely remediation. This significantly reduces the risk of a costly security breach. A reactive approach is where you only address security issues after an attack.

The high cost of skipping vulnerability assessments

Data Breaches – Unidentified vulnerabilities leave your systems exposed.
Financial Losses – Data breaches can lead to hefty fines and legal repercussions as well as the cost of data recovery and remediation.
Reputational Damage – A security breach can severely damage your company’s reputation. It can erode customer trust and potentially impact future business prospects.
Loss of Competitive Advantage – Cyberattacks can cripple your ability to innovate and compete effectively. This can hinder your long-term growth aspirations.

The benefits of regular assessments

Improved Security Posture: Vulnerability assessments identify and address vulnerabilities.
Enhanced Compliance: Regular assessments help you stay compliant with relevant industry regulations.
Peace of Mind: Knowing your network is secure from vulnerabilities gives you peace of mind.
Reduced Risk of Costly Breaches: Proactive vulnerability management helps prevent costly data breaches.
Improved Decision-Making: Vulnerability assessments provide valuable insights into your security posture.

Vulnerability assessments are not a one-time fix. Your business should conduct them regularly to maintain a robust cybersecurity posture. By proactively identifying and addressing vulnerabilities, you can significantly reduce your risk of cyberattacks.

Top Data Breaches Of 2023: Numbers Hit An All-time High

February 20, 2024

The battle against cyber threats is an ongoing challenge. Unfortunately, 2023 has proven to be a watershed year for data breaches. Data compromises surged to an all-time high in the U.S.

The last data breach record was set in 2021. That year, 1,862 organizations reported data compromises. Through September of 2023, that number was already over 2,100.

In Q3 of 2023, the top data breaches were:

• HCA Healthcare
• Maximus
• The Freecycle Network
• IBM Consulting
• CareSource
• Duolingo
• Tampa General Hospital
• PH Tech

Let’s look at the main drivers of this increase.

The size of the surge

Data breaches in 2023 have reached unprecedented levels. The scale and frequency of these incidents emphasize the evolving sophistication of cyber threats as well as the challenges organizations face in safeguarding their digital assets.

Healthcare sector under siege

Healthcare organizations are the custodians of highly sensitive patient information. As a result, they’ve become prime targets for cybercriminals and hackers looking to exploit personal information.

Ransomware reigns supreme

Ransomware attacks continue to dominate the cybersecurity landscape. The sophistication of this threat has increased.

Supply chain vulnerabilities exposed

Modern business ecosystems have an interconnected nature. This has made supply chains a focal point for cyberattacks. The compromise of a single entity within the supply chain can have cascading effects.

Emergence of insider threats

The rise of insider threats is adding a layer of complexity to cybersecurity. Organizations must distinguish between legitimate user activities and potential insider threats.

IoT devices as entry points

The proliferation of Internet of Things (IoT) devices has expanded the attack surface. There’s been an uptick in data breaches originating from compromised IoT devices.

Critical infrastructure in the crosshairs

Critical infrastructure has emerged as a prime target for malicious actors seeking to wreak havoc and sow chaos. From power grids and transportation systems to financial institutions and healthcare facilities, the vital systems that underpin modern society have found themselves squarely in the crosshairs of cyber attackers.

The role of nation-state actors

Nation-state actors are entities sponsored or supported by governments to engage in cyber activities, including espionage, sabotage, and other malicious actions, often for political, economic, or strategic purposes.

These actors operate with the resources, capabilities, and backing of a nation-state, allowing them to conduct highly sophisticated and coordinated cyber campaigns.

Nation-state actors are increasingly playing a role in sophisticated cyber campaigns. They use advanced techniques to compromise sensitive data and disrupt operations.

The need for a paradigm shift in cybersecurity

The surge in data breaches underscores the need to rethink cybersecurity strategies.

Collaboration and information sharing

Collaboration among organizations and information sharing within the cybersecurity community are critical. Threat intelligence sharing enables a collective defense against common adversaries.

Cybersecurity Skeletons In Your Business’ Closet

October 13, 2023

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Let’s dive into a topic that might give you the chills – cybersecurity skeletons in your company’s closet.

You may not have old skeletons hidden away in the basement, but there’s a good chance of cybersecurity vulnerabilities lurking in the shadows. Just waiting to wreak havoc.

You can’t fix what you can’t see. It’s time to shine a light on these hidden dangers, so you can take action to protect your business from potential cyber threats.

Here are some of the most common cybersecurity issues faced by small and mid-sized businesses:

Outdated software: The cobweb-covered nightmare

Running outdated software is like inviting hackers to your virtual Halloween party. [Read more…] about Cybersecurity Skeletons In Your Business’ Closet

Zero-Click Malware Is The Latest Cyber Threat

August 17, 2023

In today’s digital landscape, cybersecurity threats continue to evolve. They pose significant risks to individuals and organizations alike.

One such threat gaining prominence is zero-click malware. This insidious form of malware requires no user interaction. It can silently compromise devices and networks.

One example of this type of attack happened due to a missed call. That’s right, the victim didn’t even have to answer. This infamous WhatsApp breach occurred in 2019, and a zero-day exploit enabled it. The missed call triggered a spyware injection into a resource in the device’s software.

A more recent threat is a new zero-click hack targeting iOS users. This attack initiates when the user receives a message via iMessage. They don’t even need to interact with the message of the malicious code to execute. That code allows a total device takeover.

Understanding zero-click malware

Zero-click malware refers to malicious software that can do a specific thing. It can exploit vulnerabilities in an app or system with no interaction from the user. It is unlike traditional malware that requires users to click on a link or download a file.

The dangers of zero-click malware

Zero-click malware presents a significant threat. This is due to its stealthy nature and ability to bypass security measures. Once it infects a device, it can execute a range of malicious activities including:
• Data theft
• Remote control
• Cryptocurrency mining
• Spyware
• Ransomware
• Turning devices into botnets for launching attacks

This type of malware can affect individuals, businesses, and even critical infrastructure. Attacks can lead to financial losses, data breaches, and reputational damage.

Fighting zero-click malware

To protect against zero-click malware, it is crucial to adopt two things. A proactive and multilayered approach to cybersecurity. Here are some essential strategies to consider:

Keep software up to date

Regularly update software, including operating systems, applications, and security patches. This is vital in preventing zero-click malware attacks. Software updates often contain bug fixes and security enhancements.

Put in place robust endpoint protection

Deploying comprehensive endpoint protection solutions can help detect and block zero-click malware. Use advanced antivirus software, firewalls, and intrusion detection systems.

Use network segmentation

Segment networks into distinct zones. Base these on user roles, device types, or sensitivity levels. This adds an extra layer of protection against zero-click malware.

Educate users

Human error remains a significant factor in successful malware attacks. Educate users about the risks of zero-click malware and promote good cybersecurity practices. This is crucial.

Encourage strong password management. As well as caution when opening email attachments or clicking on unfamiliar links.

Use behavioral analytics and AI

Leverage advanced technologies like behavioral analytics and artificial intelligence. These can help identify anomalous activities that may indicate zero-click malware.

Conduct regular vulnerability assessments

Perform routine vulnerability assessments and penetration testing. This can help identify weaknesses in systems and applications.

Uninstall unneeded applications

The more applications on a device, the more vulnerabilities it has. Many users download apps then rarely use them. Yet they remain on their device, vulnerable to an attack.

Only download apps from official app stores

Be careful where you download apps. You should only download from official app stores. And always keep your apps updated using your device’s app store application.

The Biggest Vulnerabilities Hackers Are Currently Exploiting

October 28, 2022

Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.

The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more.

It’s like a game of “whack-a-mole” to keep your systems secure.

Without ongoing patch and update management, company networks are vulnerable. And these attacks are completely avoidable.

82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities.

What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA). Make sure to patch any of these vulnerabilities in your systems.

Microsoft Vulnerabilities

CVE-2012-4969: An Internet Explorer vulnerability that allows the remote execution of code.
CVE-2013-1331: This Microsoft Office flaw enables hackers to launch remote attacks.
CVE-2012-0151: This Windows vulnerability allows user-assisted attackers to execute remote code.

Google Vulnerabilities

CVE-2016-1646 & CVE-2016-518: These Chrome & Chromium engine vulnerabilities both allow attackers to conduct denial of service attacks.

Adobe Vulnerabilities

CVE-2009-4324: This is a flaw in Acrobat that allows hackers to execute remote code via a PDF file.
CVE-2010-1297: A Flash Player vulnerability that allows remote execution and denial of service attacks. (Flash Player is no longer supported, so you should remove it).

Netgear Vulnerability

CVE-2017-6862: This router flaw allows a hacker to execute code remotely.

Patch & Update Regularly!

These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added at https://www.cisa.gov

How do you keep your network safe from these and other vulnerabilities? You should patch and update regularly. Work with a trusted IT professional (like us) to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.

Six Technology Tools You Shouldn’t Use Any Longer

September 30, 2022

One constant about technology is that it changes rapidly. Tools that were once staples, like Internet Explorer and Adobe Flash, age out. New tools replace those that are obsolete. Discontinued technology can leave networks vulnerable to attacks.

While older technology may still run fine on your systems, that doesn’t mean that it’s okay to use. One of the biggest dangers of using outdated technology is that it can lead to a data breach or infection.

Outdated software and hardware no longer receive vital security updates. Updates often patch newly found and exploited system vulnerabilities. No security patches means a device is a sitting duck for a breach.

Approximately one in three data breaches are due to unpatched system vulnerabilities.

Another problem with using discontinued technology is that it can leave you behind. Your business can end up looking like you’re in the stone ages to your customers, and they can lose faith and trust.

Important reasons to keep your technology updated to a supported version are:

• Reduce the risk of a data breach or malware infection
• Meet data privacy compliance requirements
• To keep a good reputation and foster customer trust
• To be competitive in your market
• To mitigate hardware and software compatibility issues
• To enable employee productivity

Older systems are clunky and get in the way of employee productivity. If you keep these older systems in use, it can lead to the loss of good team members due to frustration.

49% of surveyed workers say they would consider leaving their jobs due to poor technology.
Following is a list of outdated technology tools that you should replace as soon as possible. Are any of these still in use on your home computer or within your business?

Internet Explorer

Many moons ago, Internet Explorer (IE) used to be the number one browser in the world. But, over time, Google Chrome and other browsers edged it out. Including its replacement, Microsoft Edge.

Microsoft began phasing out IE with the introduction of Microsoft Edge in 2015. In recent years, fewer applications have been supporting use in IE. The browser lost all support on June 15, 2022.

Adobe Flash

Millions of websites used Adobe Flash in the early 2000s. But other tools can now do the animations and other neat things Flash could do. This made the tool obsolete, and Adobe ended it.

The Adobe Flash Player lost all support, including security updates, as of January 1, 2021. Do you still have this lingering on any of your computers? If so, you should uninstall the browser plugin and any Flash software.

Windows 7 and Earlier

Windows 7 was a very popular operating system, but it’s now gone the way of the dinosaur. Replacements, Windows 10 and Windows 11, are now in widespread use. The Windows 7 OS lost support on January 14, 2020.

While it may still technically run, it’s very vulnerable to hacks. Microsoft Windows OS is also a high-value target for hackers. So, you can be sure they are out there looking for systems still running this obsolete version of Windows.

macOS 10.14 Mojave and Earlier

Because of the cost of iMacs and MacBooks, people tend to hang onto them as long as possible. Once these devices get to a certain point, updates no longer work. This leaves the hardware stuck on an older and non-supported macOS version.

If you are running macOS 10.14 Mojave or earlier, then your OS is no longer supported by Apple, and you need to upgrade.

Oracle 18c Database

If your business uses Oracle databases, then you may want to check your current version. If you are running the Oracle 18C Database, then you are vulnerable. Breaches can easily happen due to unpatched system vulnerabilities.

The Oracle 18C Database lost all support in June of 2021. If you have upgraded, then you’ll want to keep an eye out for another upcoming end-of-support date. Both Oracle 19C and 21C will lose premiere support in April of 2024.

Microsoft SQL Server 2014

Another popular database tool is Microsoft’s SQL. If you are using SQL Server 2014, then mainstream support has already ended. And in July of 2024, all support, including security updates will stop.

This gives you a little more time to upgrade before you’re in danger of not getting security patches. But it is better to upgrade sooner rather than later. This leaves plenty of time for testing and verification of the upgrade.

Get Help Upgrading Your Technology & Reducing Risk

Upgrades can be scary, especially if everything has been running great. You may be afraid that a migration or upgrade will cause issues.

We can help you upgrade your technology smoothly and do thorough testing afterward. Schedule a technology review today.

Why Protecting Your Printers From Cybercrime Is A Must (And Eight Tips For Improving Printer Security)

April 28, 2022

Printing devices are often overlooked when it comes to security. But the reality is, cybercriminals can hack your printer to get confidential information. Your printer is probably the last piece of computer equipment you thought needed protection from cybercriminals. But the truth is very different.

Attackers actively try to locate the weakest links in security to gain access to and exploit valuable data. And among the weakest links is the printer.

Printers have access to your devices, network, and the Internet. This new open-access functionality makes them an ideal target for cyberattacks.

Unfortunately, many business owners overlook the importance of securing their printers and mainly focus on computers and mobile phones.

Most people still perceive printers as internal devices that serve basic functions. For this very reason, they are an easy target for cybercriminals.

Other than performing unauthorized print jobs, hackers can access confidential information as well as all connected computers and networks all through a printer.

You may also not be aware of the amount of valuable data your printer can store about you – tax files, bank details, financial records, employee information, personal information, etc. All a hacker needs to do is get into the operating system of your printer, and they can collect this sensitive data.

If you’ve just realized the importance of securing your printer, keep reading. This article shares eight tips to help you do just that.

Tip #1. Make Sure Your Printers Are Configured Correctly
Many things can make a printer vulnerable to cyber threats and security breaches. So, you want to get the basics right to ensure the attacks don’t happen to you. To start with, make sure to change the default password on your printer. Since anyone can access a printer remotely, a simple “123456” code won’t suffice.

Second, make sure you’re using your own router to print files remotely. Never connect to “Guest” networks.

Tip #2. Inspect Print Trays Regularly
This one is a no-brainer, but everyone could use it as a reminder. Make sure to check your print trays and get rid of unused pages carrying sensitive information. There’s no easier way to prevent data leaks than this.

Alternatively, you can get a shredder for your office and shred the papers you don’t want anyone to see.

Tip #3. Install Malware and Firmware Updates
Invest time and effort to ensure that your malware and firmware protection are up to date and can handle all types of hacks.

The good news is that many printers come with pre-built malware protection.

HP, for example, installs the HP “SureStart” software in their printers that monitors approaching targets when the printer is on. The software can shut down the device if an attack comes its way. This is a great way to prevent attacks from spreading further within the network.

Tip #4. Limit Access to the Network
Unprotected printers in a network are an extremely easy target for cybercriminals. Sure, businesses and offices require printers to access networks to perform remote prints. But if you can do the job by disabling the network access, make sure you do that.

If not, tweak the printer and network settings to only allow the device to take print jobs from the network you trust. This will help avoid outside interference and security breaches.

Tip #5. Update Your Printers
Updating a printer is equally as important as updating your phone to the latest software. Much in the way iOS developers look for bugs and fix them in a new update, printer manufacturers work toward known device vulnerabilities and update the software for added protection.

Look for printer updates so you can easily overcome known threats to the printer. Ideally, update your printers every quarter to get the most out of the security benefits.

Tip #6. Install a Firewall
If you run an office, chances are you already have a firewall. But in case you missed this requirement, now’s the time to do it.

Using a reliable firewall helps keep printers safe from cybercriminals. Your computers most likely come with pre-built firewalls, and all you need to do is keep them enabled. But there are also specialized firewalls for homes and offices that offer advanced security and make it virtually impossible for anyone to break in.

Tip #7. Encrypt Your Storage
Printers with shared networks can perform distance printing. And when a print job is in transit and travels from a computer to a printer, hackers can intercept the data and exploit it.

To keep this from happening, encrypt your print jobs. Also, make sure the sensitive data on your printer’s hard or internal drive is encrypted as well.

Keep in mind that when you print a document, that file is often stored as an image within the printer and makes it an easy target for hackers. It’s why you should use an encryption tool to protect your data. Luckily, many modern printers have this tool pre-built.

Tip #8. Educate Your Employees
If you work in an office, chances are you aren’t the only person using the printer. Everyone that has access to it needs to be aware of the responsibilities that come with its usage. Make sure to talk to your employees about ways to ensure both the physical and virtual safety of the printers.

Your staff should also be careful when using their mobile devices to print, as smartphones are easier to hack than standard computers. Explain to them what phishing scams are and how they can avoid being the victim.

Finally, make sure it’s clear to them how they can use confidential information in your company.

Whether you use printers in your office or at home, take a moment to see how you can enhance its security before your next printing job.

Which Type of Hacker Is Endangering Your Business Data?

April 28, 2022

Your data is pivotal to running a successful company. If you don’t have proper security measures in place, hackers can easily steal your data and take you out of business. Cybercriminals might be the biggest threat facing your company. Besides gaining access to your money and accounts, they can also take over critical software, preventing you from collaborating with clients.

Any organization can fall victim to hacking. However, small and medium businesses are particularly at risk. Why?

Too often, their owners don’t always address cybersecurity when launching their company. Sometimes, they even just hire the first IT service provider they see. They also don’t know how to shield themselves from online attackers, making them low-risk targets.

As a result, these organizations often go under due to the loss of sensitive data. It isn’t a risk you can take.

The 5 types of hackers to watch out for

Here’s a quick list of potential hackers, depending on what they’re after:

#1. Hackers Who Are After Personal Information. Many hackers are dying to get their hands on the personal information of your clients and employees. It includes birth dates, financial data, and social security numbers.

Social security numbers might be the most valuable asset they want to get ahold of since cybercriminals can use them for various purposes. For instance, they can perform tax fraud, open credit accounts, and make other significant identity breaches. In addition, financial data can be utilized for fraudulent activities and purchases, especially if it lacks robust digital security systems.

#2. Hackers Who Want to Get Into the Digital Infrastructure. Storage and data servers are expensive – and hackers know that.

In order for them to cut costs, hackers may aim to store their applications and data on your infrastructure instead. The better your infrastructure, the more likely cybercriminals are to target it. This can strain your network to the limits and have devastating effects on your business.

Unsurprisingly, tech companies are some of the most common victims of this type of hacking.

The common indicators that a hacker has tapped into your digital infrastructure include:

Running out of storage faster than usual
Your network suffers slowdowns
You may have unknown devices on your network.

#3. Hackers Who Are After Confidential Information. Few business aspects are as important as your intellectual property (IP). Your products and services enable you to stand out from the competition and strike a chord with the target audience.

A huge problem arises if hackers steal the design of your upcoming product before you launch it or submit your patent. A competitor may obtain the information, allowing them to hit the market first and undercut your sales.

#4. Hackers Who Want to Get Account Data. Sure, you and your IT service provider might have done enough so that hackers might not be able to obtain financial data. But are your employees’ accounts secure?

If hackers compromise them, they may let them run scams and gain information to disrupt your operations.

For example, losing CEO login credentials can be devastating. Besides granting hackers access to sensitive information, it also helps them impersonate the CEO. In return, they can solicit information from employees or clients and halt your operations. This data breach can lead to widespread confusion, tarnishing your reputation.

#5. Hackers Who Aim to Have Network Control. In some cases, hackers aren’t after data. Instead, they want to gain control of the entire network. And to make it happen, they launch ransomware attacks.

These activities enable them to lock you out of the system and make data inaccessible until you pay a ransom. They’re typically initiated through spam, phishing emails, and online ads.

The average ransom amount stands at approximately $30,000, but the loss caused by business disruption is much more significant.

Outdated Software Could Cost Much More Than An Upgrade

November 24, 2021

It’s nice when we own something and it’s completely paid for. Think of a car or large purchase you financed. Once it’s paid off, you feel great: money is freed up and it’s yours.

However, often in these situations, you’ve poured a few years of use into it by the time it’s paid off. When something finally breaks, the warranty has probably already expired. Then, you’re forced to decide if you are going to put money into this old car or appliance or if it’s time to upgrade instead.

When you don’t upgrade your car or appliances, there may be some small risks in terms of missing out on improved safety or the newest features, but the biggest risk will be monetary.

Businesses sticking it out with old software isn’t much different, but the consequences can be much worse.

Software is sometimes pricey, and often, the outdated software will still technically work. We get used to the layout and processes, and it becomes easy to use. After five or ten years, you know where all the buttons are. Your documentation for employees might be based this particular version, and you may not have the time to overhaul your reference materials.

The issue with this is, while you’re happy to run the 2015 version of a software, that software company has released a new version in 2016, 2017, 2018, etc. Usually, they will still update old versions for a short time after new ones come out.

Once these software companies stop providing updates, however, any known vulnerabilities will remain unpatched and any new vulnerabilities that are discovered will not be addressed.

If you know the software inside and out, so do the hackers. It’s far easier for them to utilize a known flaw than attempt to break a new and unknown software. The longer you wait to update, the more likely it is that your data or network will be compromised.

Yes, paying for that new version of software is not something we want to do, but in the long run, it may save you a lot of money and headaches.

Software as a Service (SaaS) also makes this a little easier to deal with. Rather than paying a huge amount one time upfront, you can often subscribe and pay a smaller amount monthly or yearly that allows you to install new versions as they come out. This usually includes security patches and updates too.

Another consequence of holding out on updating old software is the possibility that your PC may need to be suddenly replaced or updated. If it crashes or becomes too slow to reliably use, you can lose that program. A lot of software is provided via download, and it may not be available for download once it’s time for a new PC.

In addition, if you bought something that was written for Windows 7 and have not upgraded in the past six years, it may not be possible to use that program if you are stuck five versions behind. Also, since you paid the vendor long ago, they often won’t help you reinstall the old software; instead, they’ll require you to buy a current version before assisting.

We understand that staying with what you’re familiar with is easy. Since you own the software, it carries a financial benefit as well. However, the short-term financial gains risk data loss and essential parts of your business becoming unrecoverable in a disaster. Look at software updates like insurance: you are paying to keep yourself as protected as possible and working to minimize any potential risk.

Ransomware Attacks On Healthcare Providers Rose 350% In Q4 2019

March 27, 2020

Ransomware assaults against healthcare providers expanded an astounding 350 percent during the last quarter of 2019 with the quick pace of assaults previously proceeding all through 2020.

Ransomware attacks dominated healthcare headlines during the later part of 2019 with attacks on IT vendors disrupting services on hundreds of dental and nursing facilities, while a number of hospitals, health systems, and other covered entities reported business disruptions from these targeted attacks.

Also, in December, Blackberry Cylance specialists revealed that another ransomware variation known as Zeppelin was spotted focusing on the human services division and tech associations through the supply chain.

IT research group Corvus broke down the ransomware attacks of the last few years to get a feeling of malware’s effect on the part and its assault surface and discovered there were in excess of 24 announced ransomware occurrences a year ago.

These findings mirror similar reports, which also noted that these numbers are likely lower than the actual number of attacks – as some ransomware victims do not report the incidents to the public.

In fact, Emsisoft research shows that more than 759 healthcare providers were hit with ransomware last year, reaching crisis levels.

Further, the trend has continued in 2020 with at least four healthcare covered entities reporting attacks in January alone. According to Corvus, the number is more than any other quarter in healthcare since Q3 2017. And if the rate continues, there will be at least 12 reported during Q1 2020.

The researchers also found that healthcare actually has a smaller attack surface, on average, than the web average. Those that have reduced their overall exposure, especially hospitals, have limited the risk of exposure.

But health services and medical groups are the most at risk in the sector, according to the data.

That’s not to say that healthcare is successfully securing its attack surface. For example, one of the most common exposure types is through the remote desktop protocol, which is associated with a 37 percent greater likelihood of a successful ransomware attack.

Healthcare is also struggling to secure its email security, overall. Eighty-six percent of healthcare covered entities don’t use scanning and filtering tools on their email platforms. Even hospitals, which typically leverage these services at a higher rate, are failing to deploy this tool at a successful rate (just 25 percent use the tech).

What’s more, health practitioners, such as dentists and physicians are 14 percent less likely on average to use the most basic form of email authentication, which are known to prevent suspicious emails from making it to the inbox.

It’s concerning, as Corvus showed that more than 91 percent of ransomware attacks are the result of phishing exploits.

“Hospitals use email scanning and filtering tools more than average, but the average is low,” researchers wrote. “These services are associated with a 33 percent reduction in the likelihood of a ransomware attack. All healthcare entities should strongly consider such services to help prevent phishing.”

Corvus also found that hospitals are six times more likely to internally host their own servers, instead of leaning on a third-party vendor. As a result, those entities have “the responsibility for maintaining some aspects of security in their court: keeping up with the everchanging threats rather than handing it off.”

“As commodity ransomware has become more readily available and examples of successful attacks on smaller organizations, like local governments, gain attention, attackers may well turn their attention to organizations like individual health practitioners or nursing/long-term care facilities,” researchers wrote.

“We can see that the security measures at these kinds of organizations are average at best, and in some areas worse,” they continued. “Healthcare organizations of all sizes are at risk… They should be taking advantage of opportunities to improve email security.”

As the number of successful ransomware attacks increased, several industry stakeholders released guidelines to help organizations shore up their defenses, including the Department of Homeland Security, Microsoft, NIST, and the Office for Civil Rights. Healthcare organizations, especially those with limited resources, should turned to these insights to bolster their defenses.

Lastly, the FBI has continually reminded organizations that they should not pay the ransom for a host reasons, including that there is no guarantee the hackers will unlock the data and the threat actor may launch a subsequent attack.

Ransomware attacks have cost the healthcare sector at least $160 million since 2016, according to Comparitech.
This article was adapted from research published by Health IT Security.