In this Cyber Weekly, we explore the cost of downtime and what it means to be proactive. Also, as we know, many breaches could be avoided. Here are 5 cyber attacks that could have been avoided if proper email security was in place.
Thanks to all 16,260 subscribers. It really takes a community to fight against cyberattacks. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network!
In this week's Cyber Weekly:
Cold storage and logistics company, Americold, was hit with a breach last Tuesday. They immediately contained the attack, but are investing what interrupted their operations, according to some employee reports. They are speculating that their systems will be down for at least another week. Americold has not issued an official statement about the incident, but have asked customers to cancel “inbound” deliveries while they work on prioritizing the most critical “outbound” deliveries. As a result, it’s not confirmed that their “network issue” was in fact a ransomware attack. (bleepingcomputer)
Americold’s revenue in 2022 was $2.91 billion.
My thoughts: With some quick math, we can assume that Americold makes $7.97 million dollars a day ($2.91billion divided by 365). In other words, their operations being down for one week will cost them $55.8 million. Note, this calculation is purely speculative. It’s to exemplify the cost of downtime and how downtime is usually more costly than any other part of getting attacked.
Salesforce Community is a cloud-based software product that makes it easy for organizations to quickly create websites. It’s possible to access these websites with authenticated access and as a guest. When signing in as a guest, no credentials are required. It has now come to light that Salesforce administrators mistakenly grants guest users access to internal resources, therefore, potentially leaking sensitive information to unauthorized parties. Companies with Salesforce Communities are being told about this issue. The Huntington Bank in Ohio and the State of Vermont are just a few on the list. (krebsonsecurity)
My thoughts: Why are guests being granted access in the first place? There is no reason that a bank should give unknown users access to sensitive information. This just sounds irresponsible to me.
Western Digital is a storage company located in California. They just confirmed that hackers exfiltrated their data last week. The unauthorized third party gained access to many internal systems. They are working with an unnamed cyber security firm and law enforcement to understand what happened. Western Digital said it’s “implementing proactive measure to secure its business operations.” (techcrunch)
My thoughts: Businesses are not being proactive if they are worried about security measures AFTER they got hacked. That’s not the definition of proactive. They are being reactive. What’s worse is that Western Digital was part of a security scandal back in 2020 when they were sued for using a type of recording technology in its NAS line of customer drives without explicitly informing their customers. In my personal opinion, Western Digitals Security officers need to apply more priority when it comes to securing their enterpise.
Cornwall Community Hospital continues to deal with the repercussions of a cyberattack on its computer network, and warns patients could face delays for scheduled and non-urgent care. The hospital notes on its website that while the incident may impact user access to MyChart medical records, its clinical electronic health record system has not been impacted by the cyber attack.
Details have not been disclosed about what type of cyber attack this is, but technology analyst, Carmi Levy, says it’s likely ransomware.
CCH is the latest in a string of cyber attacks targeting hospitals. In 2021, the Kemptville District Hospital reported an attack that forced the hospital to take its network offline and temporarily close its emergency department. (ctvnews)
My Thoughts: As stated in the article, hospital attacks are happening more often than we like. When ransomware attacks and data breaches start messing with people’s health and well being, we need really starting reconsidering our security strategy. Delayed treatments, missed diagnosis, leaked Personal Health Info (PHI) leading to potential fraud are reasons why Hospital executives need to prioritize their cyber security. There is too much at stake.
Assurance IT is on a mission to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, and Microsoft 365 backup. Help us accomplish this mission by sharing this newsletter to your network!
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.