Archive for August 2, 2022

Cost of a Data Breach Average $15.01 Million: Black Kite

Posted in Commentary with tags on August 2, 2022 by itnerd

Black Kite has today released ‘The Cost of a Data Breach: A New Perspective’, which examines the impact of 2,400 cyber incidents between 2017 and 2022. The most notable takeaway is that, of the 1,700 companies with a digital presence that could still be monitored, the overall average cost of a data breach is now over $15.01 Million. Additional key findings include:

  • Overall average cost of a data breach (outliers removed) – $15.01 million
  • Overall average cost of a data breach (including outliers) – $75.21 million
  • Most financially devastating threat actor: Conti, with ten attacks averaging at $84.98 million per incident
  • Seven hundred of the companies breached within the last five years – or one-third – no longer have a digital presence or never disclosed their company name
  • Seventy-nine percent of the 1,700 analyzed breached companies are highly susceptible to a phishing attempt
  • Finance and Insurance had the highest number of incidents (445), with an average cost of $35.34 million per incident

None of those are trivial numbers. And Mark Bower, VP of Product Management for Anjuna Security had this to say:

     “While many of the classical threats, including ransomware, penetrate and devastate traditional on-premises servers and IT, the stakes are even higher with increasing cloud transformation driven by the need to handle more data, more analytics at a scale not previously possible. To avoid such projects becoming part of the trillion-dollar data breach debt, forward-thinking organizations are embracing completely new confidential computing models to essentially eliminate the new and vulnerable cloud attack surfaces. By embracing this, the most sensitive workloads can be executed with controls locked by cloud computing hardware itself – and highly resistant to attack from inside threats or external exploitation.”

My take home from this report is to not be a victim. Because based on these numbers, it’s cheaper to prevent being a victim than to be pwned.

UPDATE: I have two additional comments. The first is from Sanjay Raja, VP of Product at Gurucul:

     “As successful breaches continue to pile up and the cost of a breach continues to escalate, too many vendors are claiming to have the silver bullet to solve the challenges that security operations teams face, while really providing a cobbled together set of capabilities like a house of cards. We have seen the direct result of more advanced and costly attack campaigns combined with unadaptable and insufficient SIEM and XDR solutions leading to security struggling to detect, investigate and respond to attacks from just 2 to 3 months extended to 7 to 9 months in recent years. Tacking on analytics or functional pieces is not the solution. Organizations need an integrated approach that not only detects an attack, but also helps security teams prioritize and validate the full attack campaign early in the kill chain. This requires significant breadth and depth of open and interconnected security analytics across a wide set of data sets, behavioral-based detection methods working in conjunction, not siloed, and accurate and precise context and risk scoring to drive the entire security operations lifecycle till the attack is fully eradicated before an organization loses millions of dollars, brand reputation and shareholder value.

As always, the best defense is an effective offense to protect against data breaches. Organizations need newer and more advanced technologies beyond current XDR and SIEM platforms. Prioritizing solutions that automate detection, prioritize seemingly random indicators of compromise for further investigation and automate responses with a high-level of confidence are critical in deciding where to invest.”

The second is from Kevin Novak, Managing Director at Breakwater Solutions:

     “Small to Mid-Sized Businesses (SMBs) are particularly susceptible, and very financially exposed, to threats today. To compete, they are being forced to deliver technological capabilities that rival their larger competitors, but they simply don’t have the benefits of scale that those larger companies have to support that technology.  In fact, we often see SMBs without any formalization of cybersecurity within the enterprise but maintain a significant online presence.  The good news for these SMBs is that third parties and the use of public cloud services has made it possible for firms to offer technology solutions rivaling the larger institutions.  The bad news is that these third parties often maintain a “shared security responsibility” model, one that is regularly misunderstood by enterprises purchasing their services.  This leaves the door open for accidental misconfigurations and accounts for one of the most significant causes of security events today.

Often, when thinking about cybersecurity, an enterprise will consider things like data being leaked, or bank accounts being compromised.  Their decision making around these threats leads to only partially informal decisions about loss appetite.  They fail, unfortunately, to consider many of the other aspects of cyber risk including cyber events that, for instance, create operational downtime or a complete unrecoverable loss of company data.  This is particularly seen with attacks that leverage destructive malware and Ransomware (one of the top attack types seen today).  Companies that suffer such events face the possibility of a complete, extended operational meltdown, one that is very difficult to explain to clients and regulators.  It should come as no surprise then, that these types of attacks tend to cost companies the most.  For this reason, firms need to consider not only those controls that can be used to prevent a cyber event, but also those principles that detect, respond, and recover from an event.  This includes the development and maintenance of a security operations center focused on threat detection, an Incident Response program, and a Business Continuity and Disaster Recovery Program.  One that is particularly focused on ensuring for the resilience of the most critical business processes and data.

It is very important that companies consider the spectrum of potential loss events in the context of their own design, with knowledge of their total loss potential with and without controls.  This includes developing an understanding of the possible cyber scenarios that might befall that company, and further mapping the likelihood of each scenario from occurring.  While tail events understandably don’t happen often (though more so in the past several years) those tail events may be large enough to threaten the firm’s ability to maintain itself as a going concern, or minimally create a material, reportable loss for the firm.  For this reason, Black Kite has posted their findings with and without consideration for tail events.  It’s important to recognize that while the average without tail events (the most common events) is $15.01MM, the average with tail events jumps to $75.21MM…clearly a number of very significant loss events in that mix…ones that firms should consider when determining overall cyber risk loss exposure.

With SMBs and even larger firms, we often see significant opportunities for focus when it comes to cybersecurity and dollar spend strategies.”

Bell Announces An 8Gbps Internet Offering And WiFi 6E… Rogers Must Be Freaking

Posted in Commentary with tags on August 2, 2022 by itnerd

I guess Bell is taking the attitude that Rogers is in very deep trouble and they have the opportunity to take them out once and for all. I say that because Bell just dropped a press release in the last few minutes that must have Rogers execs quaking in their boots:

Today, Bell announced that it is set to deliver the fastest Internet speeds in North America of any major provider. As announced previously this year, Bell is already the fastest of any major provider in the country with 3Gbps and is now introducing even faster symmetrical speeds of up to 8Gbps, the fastest of any speeds offered today by any major provider. With these speeds, and in select areas of Toronto, Bell pure fibre Internet will have download speeds five times faster than cable technology and upload speeds 250 times faster than cable technology. Bell also will bring Wi-Fi 6E in the home, the fastest Wi-Fi technology available, and when coupled with North America’s fastest Internet speeds, is set to transform the at-home experience.

And:

Bell will roll out North America’s fastest Internet speeds and Wi-Fi technology of any major provider to customers starting in September. 8Gbps speeds will be available starting in select Toronto areas, with more regions across the country to follow. The new Giga Hub enabling Wi-Fi 6E will be available for customers in Ontario and Québec starting this Fall and later expanding to other provinces. New and existing customers can call Bell for more details or visit Bell.ca/fastertotalspeed.

This is clearly a response to Rogers who is rolling out 8Gbps in “select communities”. But the thing is, I am not aware of anywhere that actually has this service. Thus giving the impression that this is vapourware. Though someone from Rogers, as I know that they read my posts, is free to correct me on that. Contrast that with Bell who based on their previous history typically has rapid availability on what they announce in a press release. So if they say that 8Gbps will be available in September, I believe them.

Another thing that is different than what Rogers is offering is that Bell is also offering up their equipment with WiFi 6E. While I advise against using an ISP’s gear because of the fact that it’s a means to lock you into using their services, the move to WiFi 6E is sure to entice some toward Bell as that will fully leverage the speeds that they are offering. Now I am sure that Rogers will do the same thing eventually, but Bell was first and yet again has the technological high ground.

It will be interesting to see how or if Rogers responds to this as they have other issues to deal with at the moment. For example, dealing with the fallout from the nationwide outage in July, and the clear and present danger of the merger with Shaw Communications failing.

Healthcare Crisis Exacerbated By Mobile Device Downtime And Cybersecurity Risks: SOTI Study

Posted in Commentary with tags on August 2, 2022 by itnerd

As the pandemic disrupted traditional patient service models, the Canadian healthcare sector overwhelmingly adopted remote and telehealth technology solutions. New global research from SOTI, A Critical Investment: Taking the Pulse of Technology in Healthcare, shows 97% of Canadian healthcare providers have implemented IoT/telehealth medical device capabilities, with a large majority of them (68%) doing so since the start of the pandemic.

The increased adoption of new technologies in the healthcare sector is evident in 77% of IT healthcare professionals indicating they have increased their annual technology spend since 2020.

The rise in healthcare IT investments in Canada appears to be focused on three key elements: interconnectivity, automation and data management. Research revealed that 77% of IT healthcare professionals agree patient services benefit from heightened interconnectivity, 71% agree the use of artificial intelligence (AI) in patient care enables medical staff to treat more patients and 94% stated digital patient recordkeeping increases efficiency and enhances data sharing.

As part of its report, SOTI surveyed 150 healthcare IT professionals across Canada to better understand how their organizations pivoted to provide patient care throughout the pandemic, the role technology played in delivering positive patient outcomes and what major obstacles remain.

Data Security An Ongoing Concern

Seventy-eight per cent (78%) of IT healthcare professionals are worried about patient information being revealed, lost, accessed, stolen or inadequately backed up. These are justified concerns with 42% of organizations having experienced a data breach from an outside source, and 55% having experienced a data leak due to employee error since 2020. Healthcare IT professionals are primarily focused on the following data security concerns:

  • Patient records being stolen in a cyberattack or hacking (40%)
  • Financial cost if their organization experiences a data breach (39%)
  • Patient information being revealed without patient consent (35%)

In addition, 65% of IT professionals believe patient data security is more at risk than ever, while 49% agree their organization does not spend enough money on data security.

Addressing Device Downtime

Sixty-three per cent (63%) of Canadian IT healthcare professionals said their organization experiences downtime with IoT/telehealth medical devices, leading to patient care delays. This has resulted in each Canadian healthcare employee losing approximately 3.1 hours per week on average, adding up to approximately 19 days lost per year.

Report Methodology

Using an online methodology, SOTI conducted 1,300 interviews with IT professionals in organizations providing frontline patient-facing healthcare services with 50+ employees across eight countries. All participants are aged 18 and over. Fieldwork was conducted from June 7 to 14, 2022. The interviews are split across eight markets as follows: U.S. (200 interviews), Canada (150 interviews), Mexico (150 interviews), UK (200 interviews), Germany (150 interviews), Sweden (150 interviews), France (150 interviews) and Australia (150 interviews).

Guest Post: Record-breaking number of router security flaws discovered in the last few years

Posted in Commentary with tags on August 2, 2022 by itnerd

The data presented by Atlas VPN reveals that router vulnerabilities have surged to record heights in the past few years. 

It is argued that routers have received more attention due to the increase in remote work, which opens up the possibility for hackers to breach corporate security by abusing old and unpatched home routers.

Router security flaws are hazardous as they may expose individuals and corporate networks to cybersecurity dangers such as hacking, data breaches, financial fraud, industrial espionage, and others.

The figures for the analysis were extracted by Kaspersky from cve.mitre.org and nvd.nist.gov. Even though these data sources show a different number of flaws, they both depict a clear upward trend in vulnerabilities.

According to cve.mitre.org, researchers found a record-breaking 321 vulnerabilities in 2021, the highest in over a decade. Yet, the increase started a year before, when flaws jumped from 130 in 2019 to 206 in 2020, representing a growth of 58%. 

On the other hand, data from nvd.nist.gov informs us that 2020 was the worst year for router flaws, with a total of 603 vulnerabilities, a substantial increase of 191% over 2019.  

However, 2021 was not much better, as vulnerabilities remained alarmingly high.

More importantly, out of 506 vulnerabilities identified last year, 87 of them were marked as critical. Of these vital flaws, 29.9% remained unpatched and without updates of any kind from the vendors. 

Another 26% of critical flaws were only acknowledged by the vendors but not fixed as of June 8, 2022.

To read the full article, head over to: 

https://atlasvpn.com/blog/record-breaking-number-of-router-security-flaws-discovered-in-the-last-few-years