Hub Weekly Digest: US Labor Dept., Enterprise Security, Supply Chain Security, Kaseya Ransomware and Healthcare Attacks

Shterny
Published in HUB Security
Aug 10, 2021

HUB Security’s weekly digest covers top stories happening around the world related to cyber attacks, threats and global cybersecurity news.

Join our webinars on the most relevant cybersecurity topics trending in 2021 — stay up to date via our LinkedIn and Twitter.

HUB Security’s upcoming webinar, Stopping Ransomware Using AI, taking place September 9th, will host Dr. Celeste Fralick, Chief Data Scientist and Senior Principal Engineer at McAfee, to discuss the challenges in developing AI algorithms for ransomware protection. Register here.

The US Labor Department Moves Toward Zero Trust

The Department of Labor was forced to go back to the drawing board and develop a new implementation strategy around zero trust after the White House released its cybersecurity executive order in May, according to the agency’s Chief Information Security Officer Paul Blahusch.

Blahusch provided details at FCW’s cybersecurity workshop on Wednesday about how the Labor Department quickly began reorganizing to accommodate the order’s aggressive deadlines, including the goal of developing an agency-wide plan for zero-trust architecture and implementation within 60 days. (Source)

Enterprises Turn to Cybersecurity Providers to Fight Off Cyberattacks

Enterprises in the U.S. are turning to cybersecurity providers offering best-of-breed technologies that can help them fend off cyberattacks from sophisticated criminals, according to a report published by Information Services Group (ISG). The report for the U.S. finds many cybersecurity services providers forming partnerships to bring customers the best defenses available. Many providers are building centers of excellence, intelligence labs and global security operations centers to bring new cyber-defense solutions to market and improve their services. (Source)

New Survey Reports Supply Chain Security Low Across 76% of US Healthcare Systems

That’s what CynergisTek found in its fourth annual report, Maturity Paradox: New World, New Threats, New Focus, which looked at close to 100 assessments for security and privacy issues among hospitals, physician practices, accountable care organizations and business associates.

Each organization’s security measures were evaluated against the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF), published in 2014 to protect American critical infrastructure. High performers had NIST conformance scores over 80%, while low performers had scores under 80%. (Source)

Kaseya Ransomware Attack Sets Off Race to Hack Service Providers

A ransomware attack in July that paralyzed as many as 1,500 organizations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said.

An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said. Now that criminals see how powerful MSP attacks can be, “they are already busy, they have already moved on and we don’t know where,” said Victor Gevers. (Source)

Study Reveals Hospitals Lag Other Companies in Cybersecurity Risk Ratings

A study published this week in the Journal of the American Medical Informatics Association found that hospitals with low cybersecurity ratings were more likely to experience a data breach. The research, which also compared hospital cybersecurity ratings with Fortune 1000 firms, found that health systems remain statistically more vulnerable to botnets, spam and malware.

“Recent hacking and ransomware attacks may be shifting the security landscape for hospitals, with much larger potential hospital and patient consequences,” wrote University of Central Florida’s Sung Choi and Vanderbilt University’s M. Eric Johnson in the study. “Ongoing risk assessment is needed to keep up with these threats and will likely require even further security investment,” they added. (Source)

Subscribe to Hub Security’s Medium for more breaking news and to stay up to date on top weekly stories related to #cyber and #security.

Shterny
HUB Security

A copywriter, journalist, and design enthusiast living in Leipzig, Germany.