Hackers Don’t Discriminate

CyberClan Experts Share the Latest Threats with HIROC Subscribers
 

“We’re a small company, we’re not a target.” This kind of thinking, says Richard D'Souza, President and CEO of CyberClan, is worrisome. What D'Souza and his team know to be true is that everyone is a target – when it comes to individuals and large or small organizations, D’Souza says, “Hackers don’t discriminate.” 

CyberClan is an end-to-end Managed Security Services Provider that focuses on three key areas of cyber security: incident response services, risk assessment services, and managed detection and response services. To help drive change, educate, and mitigate risk, HIROC and CyberClan recently struck a new partnership. 

During a HIROC webinar on September 15, Richard D'Souza and CyberClan’s Chief Operating Officer, Kadir Levent, did not tread lightly on the subject of emerging cyber threats. If you missed it, watch the full webinar. 

Discovering a threat: Time is of the essence

Levent compared a cyber event to a house fire. “It’s happening right now – the longer you leave it, the worse it’s going to become.” 

For Subscribers, both HIROC and CyberClan can only jump in to help once we know what’s going on. Gareth Lewis, HIROC’s Vice President of Claims, says HIROC should be one of the first few calls Subscribers make once they learn about a cyber event. 

With ransomware it’s possible that when a threat actor makes its way into your system, files may start encrypting before your eyes. Even with email, CyberClan says they are now seeing rules put in by threat actors where someone else will actively be receiving copies of your emails. “Time is definitely of the essence,” said Levent.

Best practices to adopt today

When asked what Subscribers can do today, to help mitigate risk before a cyber event has taken place, D’Souza and Levent focused on two key areas:

1. Investing in monitoring tools and the right people – It’s fantastic to invest in the latest technology, but you need a driver behind that technology. Organizations need to ensure they have the right people or tools to actively monitor – investing in technology that monitors your systems 24/7 is just one example. D’Souza says this is also a matter of knowing when to call in the experts because threat actors move quickly; he cited the example of threat actors only needing 18 minutes to penetrate and encrypt a system.
2. Educating your people – Subscribers need to prioritize education around best practices for their staff and their partners. Threats are constantly evolving so training the end-user is very important; D’Souza referred to these users as ‘Human Firewalls’. CyberClan advises organizations to do monthly phishing tests and quarterly drills on incident response plans. 

Passwords was another hot topic raised during the webinar. Levent says a basic six-character password can be cracked almost instantly. Adding a symbol and a number now takes only five seconds to crack. He says a decent password today is a minimum of ten characters with uppercase, lowercase and symbols – these take around five years to crack.   

New threats emerging with remote work

“Given that many of us are now working virtually,” said Jennifer Quaglietta, HIROC’s Vice President of Performance Excellence and Information Services, “it is ever so important that we are proactive in ensuring we are at the forefront of new technology and processes in order to prevent cyber criminals from accessing our data.”

The rapid shift to remote work when the pandemic struck this past spring, caused many organizations to quickly transition from their traditional office environment. Levent says security wasn’t always at the forefront of these moves, citing the example of cloud-based software. 

While he was quick to praise cloud services like Microsoft 365, Levent says these can become added vulnerabilities when organizations simply switch them on and leave the default configurations untouched.

Another point of discussion was organizations incorporating the use of personal computers while staff work offsite. Not taking careful precautions with regard to devices and putting the right security protocols in place could open your organization up to a serious security risk. 

As your trusted healthcare safety advisor, HIROC is here to provide guidance and support on risk, safety, insurance and claims. “As you map out your decisions and plans on how best to deal with all things cyber security, it is important that you know we are here for you,” said Quaglietta.

For HIROC Subscribers with questions about best practices or coverage queries, reach out to [email protected]. 

Learn more about cyber security

Subscribers looking to learn more about cyber security and the threat actors out there today should consider these resources:

• Cyber Risk Management: A Guide for Healthcare Providers and Administrators
• Key Measures for Preventing and Mitigating Cyber Attacks and Ransomware 
• The Canadian Centre for Cyber Security

If you missed our September 15 talk with CyberClan, watch the full webinar.

By Michelle Holden, Lead, Communications & Marketing, HIROC