Tag

healthcare

Don’t Let Weak Passwords Plague Your Enterprise

The 2023 Weak Password Report once again highlighted how the breach of a password or user credential is one of the weakest links in enterprise security. When coupled with inconsistent patching, misconfigurations, and lack of vulnerability scanning, bad password practices are an easy path in for malicious hackers.

In the report, researchers analyzed more than 800 million breached passwords worldwide to find the key trends, common denominators, and lessons learned.

These include:

  • 88% of passwords used in successful attacks consisted of 12 characters or less.
  • The most commonly breached passwords consisted of 8 characters.
  • Passwords containing only lowercase letters were the most common character combination found, making up 18.82% of passwords used in attacks.
  • The most common base terms used in passwords were: ‘password’, ‘admin’, ‘welcome’ and ‘[email protected]’.
  • 83% of compromised passwords did not satisfy the length and complexity requirements of compliance or cybersecurity standards such as NIST, PCI, ICO for GDPR, HITRUST for HIPAA and Cyber Essentials for NCSC.

Brute Force Attacks Remain Effective

In a brute force attack, an attacker tests different character combinations until they find the correct login information. These attacks began as guesswork on the part of the hacker. Although guessing is still done that way, using dates of birth and children’s names as clues, the modern approach is to computer-generate huge numbers of potential passwords until the right one is found. Another common tactic is to take passwords available on the dark web and test them on other websites used by that individual to see whether they grant access to additional accounts. This has a decent degree of success because people reuse the same passwords or word/number combinations.

Unfortunately, even in large, sophisticated IT organizations, weak password hygiene is commonplace. The 2022 Nvidia breach, for example, exposed thousands of employee passwords, including the likes of ‘Nvidia’, ‘qwerty’ and ‘nvidia3d’. The reality is that most individuals see passwords as a barrier to getting their work done or getting to the information or systems they need. They aren’t going to choose technically complex passwords because doing so makes their lives more difficult.

Best Practices for Passwords

This is why organizations need to adopt security best practices that can enforce strong password security, such as:

  • Issue clear policy on password hygiene, including the minimum number of characters and the use of upper case, lower case, numbers, and symbols.
  • Determine an acceptable period for password changes and enforce it. Most organizations choose 90 days, but standards vary on this subject, so you should check with the most relevant compliance requirements for your industry.
  • Use Security Awareness Training to educate users regularly on password best practices.

Vulnerability Scanning Provides an Extra Layer of Protection

As is the case with most areas of cybersecurity, one system or methodology is never enough. A multi-layered approach is required. Password protection policies, technologies, and best practices must be supported by vulnerability scanning, so that all devices and systems on the network are scanned regularly for endpoint vulnerabilities that could be easily exploited with compromised credentials. Syxsense can help detect key signs of a potential attack by alerting IT and security operations teams to events or risks such as:

  • Multiple failed login attempts
  • Misconfigured or open ports
  • Outdated antivirus signatures
  • Disabled firewalls
  • Unpatched systems
  • Compliance violations

Syxsense vulnerability scans detect any weak spots on your endpoints that can put your enterprise and data at risk of getting stolen or altered. We mitigate risk by putting IT back in control of every device used in your organization. By highlighting potential issues, your organization can reduce its attack surface and minimize the chances of a breach.

The vulnerability scanner built into Syxsense Secure and Syxsense Enterprise is effortless to employ and has a user-friendly interface. Its automation features enable IT to focus on priority tasks while it scans and secures systems and data.

For more information, join us for a Lunch and Learn demo.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Ransomware on the Rise: Local Governments Under Attack

Ransomware attacks against local governments have become increasingly common in recent years. According to a recent report, 330 ransomware attacks have been carried out against government systems over the past four years, with more than half a million individual records affected. These attacks also often disrupt essential services, such as online portals and payment systems. This can have serious consequences for local governments, as well as for those who rely on the services they provide.

Recent Attacks on Local Governments Highlight the Need for Stronger Cybersecurity Measures

There have been several ransomware attacks against local government organizations in the U.S. in recent years.

  • In August 2019, in a coordinated attack, 22 municipalities in Texas were simultaneously infiltrated by hackers, resulting in significant impact to their computer systems and disruption to local services.
  • In December 2019, the city of Pensacola, Florida, was hit by a ransomware attack that impacted its email and phone systems and online payment systems.
  • In May 2021, the city of Tulsa, Oklahoma, was hit by a ransomware attack that impacted more than 18,000 city files, some of them including information such as names, dates of birth, addresses, and driver’s licenses.
  • Just this month, the city of Oakland, California, was hit by a ransomware attack that exposed personal confidential data and took down the city’s computer systems for weeks.

The FBI’s Cyber Crime Center noted that “phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities” were “the top initial infection vectors for ransomware attacks in 2022.”

The aftermath of attacks such as these makes one thing clear: local governments need stronger cybersecurity measures and more robust vulnerability and risk assessment. With continuous vulnerability scanning and comprehensive endpoint management, local governments can reduce their attack surface and give criminals one less entry point to launch an attack.

Limited Resources Pose a Challenge for Maintaining Secure IT Infrastructure

Consistently tight budgets have left local governments particularly vulnerable to ransomware attacks. Many local government organizations must use older hardware and software because they do not have the luxury of upgrading to newer technology. This can lead to systems and applications that are no longer supported by vendors, with vendors no longer supplying security updates or patches. Limited staffing resources have only compounded this issue, leaving many local government agencies unable to keep up with patching and other IT or security operations such as regular vulnerability scanning.

Many local government organizations have limited resources, small IT teams, and tight budgets, which make it difficult to keep up with the maintenance and support of current and older systems. With more devices being used to get work done, hastened by the pandemic and work-from-home initiatives, many IT and security teams don’t have a clear picture of how many devices are connected to the enterprise, much less whether those devices are up-to-date on patches and other security measures. This means they cannot monitor the health of devices accessing sensitive information, scan for potential issues on the devices, deploy patches, or enforce security controls that would limit their attack surface and reduce their exposure to these types of attacks.

While there are many challenges local governments face in managing and securing their endpoints, it is crucial that they do so. The best way for government organizations to prevent crippling cyber-attacks like ransomware is to implement best practices around patch management and vulnerability scanning.

Leveling the Playing Field

While attackers are targeting local governments more frequently due to outdated and vulnerable systems and limited resources, this does not mean that government organizations must be victims. Tools that consolidate management and security with automation can make these organizations less vulnerable to cyberattacks and reduce the burden on their budgets and staff. By implementing these measures with a tool that does the work for them, they can ensure their systems and sensitive data remain secure and protected.

Implementing best practices around patch management and vulnerability scanning is particularly important in these environments. Older devices may have unpatched operating system vulnerabilities or use software that has reached end-of-life from vendors that no longer release updates, leaving the devices exposed to risk. This does not mean that they should simply be left as-is, though. Other mitigations, especially policy-based security controls, can help reduce the risk from older devices and applications. Unified security and endpoint management (USEM) tools make it easy to implement these best practices by supporting patch management, regularly scanning for vulnerabilities, and remediating vulnerabilities automatically. This ensures that the devices employees use to work and access sensitive data are managed and secure, while cutting off access for any device that does not have the proper management and security profile.

Automating vulnerability scanning and patch management can make local governments less of a target for attackers. When vulnerabilities are quickly identified and addressed and software is regularly updated, the risk of a successful cyberattack is significantly reduced, making governments less likely targets in the future.

Find out how Syxsense helps local governments strengthen cybersecurity measures and keep endpoints secure. Schedule a demo today.

Healthcare Under Attack

According to a report by Comparitech, the healthcare field is attracting a lot of attention from cybercriminals; ransomware, in particular, has created chaos across the sector. In 2021 alone, there were more than 100 ransomware attacks that impacted around 2,300 healthcare organizations, including 20 million patient records. The 2022 report comes out later this year, but the forecast looks grim.

Estimates of the cost of these attacks are upwards of $8 billion, and that’s just in downtime. The average number of days of downtime was six, although some organizations were offline a lot longer. In addition to this price tag were ransomware payments that varied anywhere from $250,000 to $5 million, such as TriValley Primary Care’s payment of $250,000, Allergy Partners’ payment of $1.75 million, and UF Health Central Florida’s payment of $5 million.

It’s clear that medical organizations are being targeted by cybercriminals. While the sheer size of the attack surface can make it seem impossible to change, this doesn’t have to be the case.

The Harm of Ransomware in Healthcare

Ransomware is a dangerous form of malware for any organization. But for the medical sector, it is particularly harmful because patient health and privacy are at risk. An attack can disrupt key systems or even shut them down, leaving healthcare providers without access to patient data and medical records. In addition, the already high cost of medical care will only increase as organizations struggle to operate efficiently due to ransomware disruption and payouts.

The financial repercussions from regulatory agencies can be severe when healthcare organizations fail to secure their systems and a breach occurs. The Health Insurance Portability and Accountability Act (HIPAA) regulations stipulate security policies to protect patients from unauthorized access to health records and medical history. Failing to comply with HIPAA regulations can leave businesses facing fines of up to $1.5 million, in addition to any payouts related to a resulting breach.

Such attacks are becoming all too common: Scripps Health, a network of five hospitals and 19 outpatient clinics in California, was infiltrated by ransomware in 2021 at a cost of more than $100 million. Two of its hospitals lost access to electronic medical record systems and offsite servers, leaving several units unable to provide care and requiring patients to be diverted to other facilities. Though the initial access vector for the breach remains unverified, an internal email distributed after the attack noted that Scripps added multi-factor authentication processes for remote access and mobile devices and new security software on 98% of all Scripps devices. This suggests that access rights to high-value databases and assets were not protected by foundational cybersecurity controls.

Protecting Hospitals and Patients from Ransomware

Medical organizations can take steps to prevent the spread of ransomware by updating security policies and ensuring the burden of compliance isn’t left to busy healthcare workers. While doctors and nurses provide care to patients, organizations can rely on tools that consolidate vulnerability scanning, patch management, and compliance reporting to monitor and secure their environment.

In the case of Scripps Health, a unified security and endpoint management (USEM) solution with user- and device-based, multifactor authentication controls and integration with existing IT infrastructure, such as Active Directory, could have ensured compliance with security policies that restrict access to confidential records. With USEM, healthcare organizations could automatically verify that users and devices had multifactor authentication set up and up-to-date security controls in place before users could gain access to critical data.

USEM solutions enable healthcare organizations to achieve and maintain compliance with regulations such as HIPAA, ensuring that patient data is protected, and healthcare organizations aren’t subject to the financial burden of fines and payouts.

Find out how Syxsense helps healthcare organizations identify, manage, and secure their endpoints. Schedule a demo today.
