How To Protect Your Business From Ransomware Without Restricting Employees
Posted on by Zuly GonzalezCategories Blurb, Security, Web SecurityLeave a comment on How To Protect Your Business From Ransomware Without Restricting Employees

The internet has seen a lot of different malware variants pop up over the years, but few of them have had quite the financial and technical impact as the one on every security professional’s lips in 2018: Ransomware. But what is ransomware exactly, and what makes it so much more devastating to businesses than any other malware that has come before it?

According to a recent blog post from IBM’s SecurityIntelligence division, ransomware is defined as “…malware that holds your data hostage and demands payment for release”. In the post IBM talks about the various attack vectors that ransomware can use to infiltrate a corporate network, including phishing emails and web-based infection pathways. Read the full article here.

IBM suggests that the best ways to protect against ransomware threats is to constantly update your network with the latest security patches, teach employees how to spot potential scam emails or links, and have a threat response team trained and ready to go in case the first two lines of defense fail. However, the author also suggests limiting the functionality of your users’ workstations, such as disabling Flash (that may be necessary for some business web apps to function properly), which can result in lost productivity and continued headaches for your network security team if implemented improperly or with too many restrictions.

This is exactly where solutions like Remote Browser Isolation (RBI) can help. RBI allows your employees to retain many of the same freedoms they’ve become accustomed to when it comes to how they use and browse the web, while also securing your network against the threat that major ransomware variants like WannaCry pose.

RBI is both simple to implement and highly effective against the threat vectors that bad actors rely on most frequently to deliver ransomware infected payloads to enterprise networks. RBI also offers a host of additional features that help protect your users’ privacy and security in the era of rapidly evolving ransomware threats.

Learn more about Remote Browser Isolation

Endpoint Security Solutions Challenged by Zero-Day and Fileless Attacks
Posted on by Zuly GonzalezCategories Computer Security, Security, Web SecurityLeave a comment on Endpoint Security Solutions Challenged by Zero-Day and Fileless Attacks

As the world of malware continues to evolve at a relentless pace, IT departments globally are struggling to keep up. Today, fileless attacks and zero-day exploits are appearing more frequently, and traditional AV solutions and detection methods are failing to prevent infections the way they used to.

According to a recent article posted by Help Net Security, the challenges that endpoint security specialists face in this fight are significant. In a survey by the Ponemon Institute and Barkly that polled 660 IT and security professionals, they found that 64 percent of organizations experienced a successful endpoint attack in 2018, which represented a 20 percent increase from the same 12-month period last year. Furthermore, 63 percent of individuals surveyed stated that the frequency of endpoint attacks has increased in the past 12 months. Read the full article here.

Most importantly, respondents estimated that the current AV implementations active on their networks were only capable of blocking 43 percent of incoming attacks.

In response to this problem some organizations have resorted to focusing more on quickly detecting and responding to attacks instead of preventing them. However, the prospects of this solution working are bleak at best, given the results of the 2018 Cost of Data Breach Study by Ponemon, which found that the average time to detect and contain a mega breach was 365 days – almost 100 days longer than a smaller scale breach (266 days).

This begs the question: what potential solutions are out there which can mitigate the threat that zero-day and fileless attacks pose without affecting employee productivity or adding unnecessary burden on the on-site IT staff? Options like Remote Browser Isolation present a secure alternative to traditional antivirus detection methods.

Remote Browser Isolation can help close the gap between post-infection detection techniques, which may not detect all attacks, and the proactive threat hunting approach that may leave the corporate network vulnerable for weeks before the threat is detected and neutralized. By isolating an employee’s browser activity in an external virtual environment that exists outside of your corporate network, any breach attempts that are launched against that user via a web browser, whether they are zero-day, fileless, or run of the mill attacks, can be stopped before they can even enter the corporate network. By implementing Remote Browser Isolation, your IT department can reduce the management overhead while simultaneously making it easier for your users to browse the web safely, securely, and without the limitations that other protection methods might place on their daily browsing habits.

Learn More About Remote Browser Isolation

If You Use Your Web Browser’s Incognito Mode We’ve Got Bad News
Posted on by Zuly GonzalezCategories Computer Security, Security, Web SecurityLeave a comment on If You Use Your Web Browser’s Incognito Mode We’ve Got Bad News

We place our trust in simple browser features like Chrome’s ‘incognito browser mode’ with an expectation that it will work as advertised and protect our privacy. Sadly, it doesn’t.

The incognito browsing mode, or the ‘private browsing mode’ as it is also known, has become the go-to method that amateurs rely on to protect their privacy and keep their internet browsing history a secret. But while the private browsing mode is good enough for preventing local cookie tracking or saving of autofill details, it falls short in dozens of other ways that matter most in keeping your information truly private and secure. For example, the private browsing mode cannot prevent browsers from giving away your geographical location, nor can it prevent viruses and malware from infecting your computer.

In an article posted on IFLScience.com, Aliyah Kovner blames the major browser providers for not doing a good job with their disclosures, which makes it difficult for their users to comprehend what these features actually can and cannot do. Read the full article here.

Though the article doesn’t offer a solution, it does bring up two very important points – (1) the majority of users out there want an easy, convenient and reliable way to protect their privacy while browsing the web and (2) even if the major browser providers improve their disclosures, people are not likely to read them, which means that they will likely still not understand the limitations of these features..

This poses a big challenge for companies that not only need to protect their users’ privacy, but also need to ensure that their corporate network is secure from threats like malware and ransomware.

Enterprises need a solution that can address both the privacy concerns of their users and the security concerns of their security teams. What they need is a solution called Remote Browser Isolation (RBI) that can not only enable truly anonymous web browsing, but can also ensure the security of their network against web-based malware threats, and much more.

Learn more about Anonymous Web Browsing with Remote Browser Isolation

Light Point Security CEO to Speak at the Techno Security & Digital Forensics Conference
Posted on by JudyCategories Events, Light Point Security Update, Security, Web SecurityLeave a comment on Light Point Security CEO to Speak at the Techno Security & Digital Forensics Conference

I’m happy to share that Light Point Security CEO, Zuly Gonzalez, will be speaking at the 2018 Techno Security & Digital Forensics Conference about how malware can infiltrate an organization’s network and how to protect against these threats. This is Zuly’s second year presenting at this conference and we are looking forward to another great show of making new connections and learning from the best.

The Techno Security & Digital Forensics Conference will be held June 3-6, 2018 in Myrtle Beach, SC. Zuly’s presentation is scheduled for Monday, June 4, 2018 10:30am – 11:20am. If you’d like to join us at the conference and attend Zuly’s presentation, you can register here. We hope you’ll join us!

Presentation Information

Don’t Let the Hunter Become the Hunted – Protect Your Online Research Network Intelligently

Online research of publicly accessible websites is a source for a practically infinite amount of data. But who knows what sorts of malicious software (malware) is lurking on the other side of every link you click. A malware infection in your research lab’s network can have devastating effects for your organization, ranging from data theft and leakage, ransomware infections, or simply destruction of your data and equipment. If your data is stolen and leaked to the wrong people, it may be you that is being investigated by your targets! This session will discuss the malware risks you are exposed to when doing online research as well as some cutting edge new ways to protect your network from online malware threats.

Webinar: How to Prevent WannaCry and Other Web Threats
Posted on by JudyCategories Events, Light Point Web, Security, Web SecurityLeave a comment on Webinar: How to Prevent WannaCry and Other Web Threats

Light Point Web prevents WannaCry and other ransomwareIn a matter of days, the WannaCry ransomware outbreak infected more than 230,000 computers in 150 countries. It impacted healthcare organizations, universities, government agencies, and many others, including FedEx. If you are concerned about the WannaCry ransomware and other similar attacks, join us for this informative webinar.

Light Point Security is hosting a joint webinar with partner, ELEVI Associates, today May 18 at 1pm EST. This educational webinar will explain the causes of ransomware and the devastating effects it can have on an organization. Learn about remote browser isolation technology and how it protects organizations from ransomware and other web-based threats.

Join us by signing up for the webinar here.

Register Now

Ransomware’s Devastating Effects on the Healthcare Industry [Infographic]
Posted on by Zuly GonzalezCategories Resources, Security, Web Security1 Comment on Ransomware’s Devastating Effects on the Healthcare Industry [Infographic]

healthcare ransomware effects infographicRansomware has taken its toll on the healthcare industry. With new attacks seemingly every week, are you prepared to fight back, and protect your organization and your patient’s protected health information (PHI)?

As we mentioned previously in Why Ransomware Gangs Love the Healthcare Industry, ransomware is projected to grow 670%, and the healthcare industry has the highest cost per record stolen of any industry at $363 per stolen record. And with your patient’s lives in your hands, the stakes couldn’t be higher.

This infographic highlights the devastating effects ransomware and security breaches have had on the healthcare industry. (Click on the image for a full-sized version.) Are you protected?

Please share to spread the word!

Not into sharing infographics? Tweet these statistics instead:

  • The cost of cyberattacks to U.S. health systems over 5 years is $305 billion. [tweet this]
  • Cyber criminals to collect $1 billion in ransomware payments in 2016. [tweet this]
  • The cost per stolen healthcare record is $363. [tweet this]
  • Healthcare is 4 times more likely to be impacted by advanced malware than the avg industry. [tweet this]
  • Healthcare is 4.5 times more likely to be impacted by ransomware than the avg industry. [tweet this]
  • There are 340% more security incidents and attacks in healthcare than the average industry. [tweet this]
  • Ransomware attacks are projected to grow 670%! [tweet this]
  • Healthcare records are 10 times more valuable than credit card details on the black market. [tweet this]

Looking for more? Check out this article for more interesting statistics and information on ransomware in the healthcare industry.

Embed This Image On Your Site (copy code below):

Will You Be the Next Health System Held for Ransom?
Posted on by Zuly GonzalezCategories Events, Security, Web SecurityLeave a comment on Will You Be the Next Health System Held for Ransom?

This is going to be a great panel! I’ll be moderating a panel for the 2016 CyberMaryland Conference on the topic of preventing ransomware in healthcare. We have a dynamic and engaging group of panelists comprised of CISOs and CIOs with decades of experience in the healthcare industry. They’ll be sharing stories and best practices to help you protect your organization from ransomware and other cyber threats. Come ready to learn!

The 2016 CyberMaryland Conference will be held Oct 20-21, 2016 in Baltimore, MD. Our panel is scheduled for Friday Oct 21, 2016 1:45pm – 2:45pm. I hope you’ll join us as this promises to be an engaging panel.

If you haven’t registered for the conference yet, use our discount code TCMdGuest for a 25% discount.

If you have any topics or questions you’d like our panel to discuss, send them our way. You can email your questions or topic suggestions to info@lightpointsecurity.com, or tweet us at @LightPointSec and use the hashtag #CyberMD2016.

Panel Information

Will You Be the Next Health System Held for Ransom?

All healthcare organizations should have anti-virus and firewalls in place – but that’s just not enough in today’s ever evolving world. As attackers grow more and more sophisticated, and ransomware becomes the new normal, healthcare organizations are struggling to keep up.

Hear from an expert panel of healthcare CIOs and CISOs on best practices for keeping ePHI out of the wrong hands, as well as innovative technologies that can be used to avoid becoming the next ransomware victim. Together they have decades of experience managing and securing healthcare networks, and will share practical ways you can secure yours.

Moderator
Zuly Gonzalez, Co-founder and CEO, Light Point Security

Panelists
Chad Wilson, Director of Information Security, Children’s National Medical Center
James Parren Courtney, SSSE Certified Chief Information Security Officer, University of Maryland Medical System
Darren Lacey, Chief Information Security Officer, Johns Hopkins University
Chris Panagiotopoulos, Chief Technology Officer, LifeBridge Health

Healthcare Ransomware Prevention CyberMaryland 2016 Panel

 

Insider vs. Outsider: What’s the Greater Security Risk?
Posted on by Zuly GonzalezCategories SecurityLeave a comment on Insider vs. Outsider: What’s the Greater Security Risk?

Beau Adkins - CEO of Light Point SecurityThe Digital Guardian asked 47 security experts to discuss what they think is a bigger threat to an organization, an insider or an outsider. Light Point Security’s CTO, Beau Adkins, was invited to participate on the panel of security experts to discuss what he has seen over the course of his career. Here’s what he had to say:

“In my experience, the biggest threat to a company’s data is posed by…”

Insiders. However, they are most often not deliberately a threat. Outsiders are the ones who have bad intentions, but they don’t have access. Network restrictions are usually strong enough to keep them out. So instead they focus their efforts on tricking unsuspecting insiders into opening the doors for them. And once inside, they are indistinguishable from the insiders.

Employee web browsing is one of the most used pathways to accomplish this. Outsiders set up a website capable of exploiting any computer that browses to it, then they send emails to the insiders that entice them to click a link to that site. Most employees will not take the bait, but it just takes one person to give in to curiosity and click the link.

Malicious outsiders are very good at this. They can craft emails that look like they are from someone within the company and reference projects or people that the recipient knows. It can be very difficult to tell these emails are not legitimate. With a little perseverance, it’s just a matter of time before someone clicks.

Because of this, efforts to protect the company from malicious outsiders can only go so far. Companies today must prioritize protecting against threats from their own insiders. One employee clicking the wrong link doesn’t have to put the whole company at risk.

Check out what the other experts had to say by reading the full article on Digital Guardian.

Why Ransomware Gangs Love the Healthcare Industry
Posted on by Zuly GonzalezCategories Computer Security, Security, Web SecurityLeave a comment on Why Ransomware Gangs Love the Healthcare Industry

Ransomware Costs Healthcare MillionsRansomware. It’s the latest buzzword, and everyone is talking about it, especially in healthcare.

Ransomware has become increasingly prevalent over the last year because it’s been so successful for the bad guys. According to the FBI, cyber criminals are on pace to collect $1 billion from ransomware payments in 2016. And data breach response insurance provider, Beazley, projects ransomware attacks will grow 670% from 2014 to 2016. That’s insane!

The statistics for the healthcare industry are even grimmer. Healthcare is the most breached industry. It sees 340% more security incidents and attacks than the average industry, and is more than 200% more likely to encounter data theft. Healthcare is 4 times more likely to be impacted by advanced malware than any other industry, and is 4.5 times more likely to be impacted by ransomware. And healthcare is 74% more likely to be impacted by phishing attacks than any other sector.

The Impact of Ransomware on Healthcare

A successful breach on a healthcare organization can mean:

  1. the loss of money,
  2. the loss of brand reputation,
  3. the loss of Protected Health Information (PHI), and sadly
  4. the potential loss of life.

According to the Ponemon Institute’s 2015 Cost of Data Breach Study, the healthcare industry has the highest cost per record stolen of any industry at $363 per stolen record.

Unique to the healthcare industry, the impact of malware isn’t just a matter of losing money. As dramatic as it may sound, people’s lives are at stake. What happens if a hospital’s systems are down because of malware or a ransomware attack, and they can’t provide emergency services to a patient? Could that patient lose their life? Or could the delay in service cause additional health complications for that patient?

As an example, when MedStar was recently locked out of their systems as a result of a ransomware attack, they were unable to provide radiation treatment to cancer patients for several days. This is serious!

What Makes Healthcare a Prime Target

There are 3 main reasons why the healthcare sector is targeted so much by cyber criminals.

  1. Healthcare records contain the most valuable information. The data healthcare organizations store on patients includes personal identities and medical histories, which makes it a very complete data set. This is a goldmine for identity thieves. This is why healthcare records are about 10 times more valuable than credit card details on the black market.
  2. Healthcare data doesn’t change. Unlike other types of data cyber criminals steal, patient data stored by healthcare organizations can’t be easily changed. If your credit card company gets breached, you can easily change your username and password, and get a new credit card number. No big deal. But if your hospital gets breached, you can’t just go get a new social security number. Compromised health information can haunt you for a lifetime.
  3. Healthcare organizations don’t prioritize security. Because the healthcare sector in general hasn’t kept up-to-date with modern security practices like other industries have, attacks on them are more likely to be successful. If you compare healthcare to the financial industry, for example, the financial industry has devoted so many resources to protecting their data that attackers would rather focus on softer targets, like healthcare.

Luckily, Light Point Security’s isolated web browser can protect healthcare organizations from ransomware and other web-based malware. Our Full Isolation technology is the strongest in the industry, and offers the best user experience. Contact us today to learn how we can keep your data safe.

Tech Faceplant: Dropbox Infinite
Posted on by Beau AdkinsCategories Computer Security, Opinion, SecurityLeave a comment on Tech Faceplant: Dropbox Infinite

Dropbox Project InfiniteLast month, Dropbox pulled back the curtains on their next new major feature, titled “Dropbox Infinite”. However, the details about how they were going to implement this feature left the majority of the audience dumbfounded. This is another one of those occasions where tech companies make a decision against the outcries of their customers, and even in the face of that backlash, just chug happily along.

Dropbox Infinite sounds like a pretty cool idea. It would make your Dropbox storage area appear as its own drive in your OS. It’s an idea that few people would complain about. However, when Dropbox revealed that they would implement this with kernel mode extensions, people’s heads started exploding.

By implementing this in the kernel, it puts the user’s system security at much higher risk than if it were implemented in user-mode. When code runs in the kernel, it has complete system access. It can read, write, or delete any file. If malware gets a foothold in your computer’s kernel, then it’s no longer your computer. Any programming mistake in the kernel means the whole system crashes (the infamous Blue Screen of Death). For these reasons, users should be wary of every piece of code they allow to run there. A product like Dropbox, used to manage remote shared file backups, seems like a poor candidate for kernel level code. It would be like Microsoft announcing the next version of Internet Explorer will run primarily in the kernel. It would be the worst idea in the history of computing.

The Dropbox article mentioned an open-source project called FUSE, which could have been used to implement this in user-mode. But they scrapped that idea because it incurred an extra kernel-mode context switch which has performance implications. Like a commenter observed, the performance of a context switch is practically nonexistent compared to the cost of performing network operations with the Dropbox servers.

The article received numerous comments, which were mostly negative. A common theme in those comments was the hope that this feature was optional. Dropbox never clarified if this was mandatory or not. If they make it mandatory, it will be an enormous faceplant. It’s quite obvious that the users are not ready for it. Maybe one day they will be, but not today. Forcing it on users now will only hurt Dropbox.

Sadly, this sort of thing happens all the time. Tech companies come up with an idea that they believe their users will go gaga over. But when they announce it, it is met with vitriol. Instead of just admitting a mistake and scrapping the idea, they double down, and shove it down their users’ throats anyway. Think Windows Metro or Chrome removing support for plugins. Listen to your customers. If you announce a new product change that causes your customers to threaten to leave, its not too late to go back to the drawing board.

Categories
Archives