This Cyber Weekly includes:
Thanks to all 2910 subscribers! If you like receiving the cyber news every week, be sure to show your support by sharing the weekly posts. It helps a lot!
As you may have heard, Rogers, one of Canada’s biggest telecom operators, cut off access to the Internet for 10 million people and 2.25 million retail customers. It’s not available in Montreal, but Rogers offers Internet services in addition to cellphone services. The blackout affected banks, businesses, transport, government and everyday people. People couldn’t even call 911. Interac (Direct Debit) was not available. Many businesses quickly switched to cash-only payment. ATM services were down. People couldn’t pay their bills because banking services were offline.
Rogers came out and said the outage, which lasted over 19 hours, was due to a maintenance upgrade. However, the internet was quick to assume that this might be a cyber attack. (ITWorldCanada) (Reuters)
My thoughts: I know these newsletters are often showcasing cyber-attacks, but this is a great example of how cyber resilience measures are not just to fight off hackers. Cyber resilience strategies, including cyber security, improve your business continuity strategy. Business continuity strategies and practices ensure your business can run regardless of what comes your way. Regardless of whether this was an outage due to an upgrade or a cyber incident, Rogers needs to revisit their business continuity plan.
Rogers’ services also went down last year for a “maintenance upgrade.” I find it difficult to understand how the Canadian economy loses up to $600 million because one Internet provider fails in the process of “upgrading” their systems. The total amount lost is still being calculated, but that’s the number that is circulating at the time of this newsletter.
In addition, this outage brings up A LOT of questions:
Professional Finance Company Inc. (PFC), a full-service accounts receivable management company, helps thousands of healthcare, government and utility organizations across the USA to ensure customers pay their invoices on time. On February 23, 2022, they were attacked by an unknown ransomware gang. PFC only reached out to customers to advise them they were the victim of a ransomware attack on May 5th, 2022. It is now confirmed that 657 healthcare institutions were affected. Here is the full list of institutions that were affected.
“Sensitive information exposed during the attack includes patients' first and last names, addresses, account balances and information regarding payments made to accounts. In some cases, the files also contained dates of birth, social security numbers, and health insurance and medical treatment information.” (BleepingComputer)
My thoughts: Time and time again, we are seeing third-party vendors putting their clients and companies at risk because of inadequate cyber security measures. As a company, it will fall on your shoulders to vet your vendors because your security will be as strong as your weakest vendor – in terms of cyber security.
A reminder that hacks aren’t limited to your servers; they extend to every platform you are on, including social media. The British Army had their Twitter and YouTube accounts hacked. With over 500,000 combined subscribers, the changed names and images on the profiles were quickly noticed. The hackers promoted NFTs and cryptocurrency.
An Army spokesperson said: 'We are aware of a breach of the Army's Twitter and YouTube accounts and an investigation is underway.
'We take information security extremely seriously and are resolving the issue. Until the investigation is complete, it would be inappropriate to comment further.' (dailymailUK)
My thoughts: Social media is an extension of your brand. Your profiles represent your company. In the past, posts on social media have ruined companies’ reputations. In other words, they matter. It’s how millions of organizations communicate with their audience and build their reputation. For any army, not having a hold of their social media is devastating to their brand. At the very least, enable two-factor authentication on all your social media.
Last week, the hotel chain, Marriott, got breached for the third time in the last five years. Luckily, this time, only 20 GB of data was stolen. Up to 400 customers and employees will be notified that their information might be compromised. A good portion of what was stolen was internal documentation. The hacker criminals have yet to identify themselves. The hotel chain notified law enforcement.
My thoughts: With Bill 64 in Quebec, companies who lose sensitive data more than once and prove to be grossly negligent will be heavily fined. The more I read these stories, the more I think it’s the only way for large enterprises to proactively implement business continuity measures.
Assurance IT has officially launched a new Veeam promo. When you renew your Veeam Support Contract with us, you get 1TB of Cloud Connect Backup for free - $1000 value - for making the switch. The promo is only available for new customers.
If you're too busy to sit through the long, boring meetings that usually come with switching vendors, we set it up so that you just need to fill out a form to get it all started.
We understand that 1TB is amazing, and we want to make it easily accessible.
Just fill out the form on this page: https://www.assuranceit.ca/veeam-with-assuranceit