As we head into the New Year and I pull together the last security blog of 2018, I want to highlight a few of the latest exploits and breaches that showed up on my security news radar during Thanksgiving week and the important questions they pose. Don’t head into 2019 without asking yourself these top cybersecurity questions:
1. How is your Email Security?
News Headline: New HealthEquity Data Breach Exposes PII/PHI of Almost 21,000 Customers
Highlights:
- HealthEquity is an IRS non-bank health savings trustee that handles more than 3.4 million health savings accounts (HSAs)
- October-September 2018 – Email breach exposed the personal health information (PHI) and/or personally identifiable information (PII) of nearly 21,000 subscribers
- It’s happened once before this year: June 2018 – Phishing attack exposed the personal health information (PHI) of approximately 23,000 subscribers
- Data exposed includes employee names, plans, account types, and health plan enrollment data
(Read more on Softpedia)
*Bonus Question: How is your security awareness training?
2. How is your Malware Protection?
News Headline: 500 Percent Increase in macOS/iOS Ransomware Attacks During 1H of 2018
Highlights:
- Managed service providers (MSPs) reported a 500% surge of macOS/iOS ransomware attacks from January to June 2018
- 92% of MSPs predict the number of ransomware attacks will continue at current, or worse, rates
- 79% of MSPs said that ransomware is still a massive threat to small-to-midsized businesses (SMBs)
- 79% of MSPs report ransomware attacks against customers
- 67% of MSPs report victimized clients experienced a loss of business productivity
(Read more on Softpedia)
3. How is your Endpoint Protection or Endpoint Detection and Response (EDR)?
News Headline: Hackers Discover iPhone X Bug Exposing Files, Including Deleted Photos
Highlights:
- Hacker group Fluoroacetate broke into the iPhone X at the Pwn2Own hacking contest in Tokyo
- They used a Safari browser vulnerability
- Exploit allows unauthorized access to user files, including current and deleted photos
- Samsung’s Galaxy S9 and Xiaomi Mi6 where also hacked at the same event
(Read more on Softpedia)
What should you do?
We say it so often in the security industry it feels like this goes without saying, but I’ll write it anyway. Trust but verify all links, attachments, and digital requests that come your way. There’s no silver bullet, but there are countless time, money, and resource-sucking nefarious cyber criminals lurking behind every mouse click and digital door you go through. Being vigilant, hyper-aware, and maintaining good digital hygiene, and teaching your users to do the same, will save you from future headaches.
For organizations, a layered security approach cannot be overlooked, and there is no substitute for Defense in Depth. The security and infrastructure controls we implement at IE include segmentation, patching, adoptions, and best practice configurations of the existing tools in our arsenal because infrastructure protection and security is our priority. Ask yourself, is there anything extra you can do, from an infrastructure perspective, to add more defensive layers and minimize lateral movement of malware in your network? Are you using all the current capabilities you have today to their fullest potential?
If the answer is no, or you aren’t sure, reach out to our Security Team today. We’ll assess your current security program to identify any gaps and help you build a stronger path to delivering Security Anywhere, Any Way.
