Jack’s Hacks: Summer Edition
This month Jack goes over some best practices that will help you stay safe this Spring. We also cover some of the major breaches that have caused service outages and the latest cybercrime trends.
The Last 30 Days in Cybersecurity: Notable Breaches, Outages & Ransom Demands
Cyberattacks Upend Operations for Thousands of Car Dealerships Across North America
A recent cyberattack on CDK Global, a major provider of automotive dealership software, forced the company to shut down its systems to protect customer data. This left thousands of dealerships without access to critical applications for sales, financing, and service. The disruption has been severe, with dealerships unable to schedule service appointments, look up parts, or print repair orders, and some employees were sent home. J.D. Power and GlobalData predict a 5.4% decline in U.S. retail car sales in June due to the attack. CDK is using a phased approach to restoration, having brought two small dealer groups and one large publicly traded group back online, while working to restore additional applications and customer care channels.
Cyberattacks Put America’s Drinking Water at Risk
A recent report highlights increasing cyberattacks on America’s drinking water infrastructure, with China, Russia, and Iran identified as key threats. These attacks aim to disrupt essential services and create chaos. Notable incidents include the Chinese group Volt Typhoon infiltrating critical systems and Russian-linked hacktivists targeting utilities in Texas. The Biden administration has responded with executive orders and EPA enforcement actions to bolster cybersecurity, but many water providers, especially smaller ones, struggle with limited resources and technical capacity. The water sector is made up of many small, independent providers, which makes it harder to defend against cyberattacks. This situation highlights the need for a well-coordinated plan to protect public water systems.
Cyberattack on South African Lab Risks National Healthcare Crisis
On June 22nd the National Health Laboratory Service (NHLS) of South Africa was targeted by a ransomware cyberattack, causing severe disruptions to its operations. The attack exploited vulnerabilities in NHLS’s digital infrastructure, resulting in delays in laboratory testing across public health facilities. Access to test results, emergency services and intensive care units nationwide has been impacted by the breach. Despite efforts to recover compromised data, including over 6.3 million unprocessed blood tests, full system restoration is expected to take weeks. The incident underscores broader cybersecurity challenges in the region, following similar attacks on other government agencies and healthcare providers in South Africa and Kenya earlier this year.
The Latest in Cybersecurity
Windows Recall: More of a Security Risk Than a Beneficial Feature
A new feature slated for release on June 18th for Copilot+ PCs is stirring up quite a bit of controversy. Windows Recall promises to snap desktop images every few seconds, analyze them using AI, and allow for easy, natural language search—a move that’s sparking concern among tech journalists, privacy advocates, and cybersecurity experts like yours truly. Making our personal data so readily searchable on our PCs could turn them into a magnet for cybercriminals. It’s a reminder that in the world of technology, features introduced to “help” us can sometimes come with unintended risks to our privacy and safety. While Microsoft assures us that Recall won’t be switched ON by default, it’s wise for everyone to double-check this, and to verify again after updates. We all need to be vigilant and take responsibility for our own privacy and security. Unfortunately, many app developers don’t prioritize these concerns.
Here’s how to confirm Recall is NOT enabled:
- Open ‘Settings’
- Navigate to ‘Privacy & Security’
- Choose ‘Recall & Snapshots’
- Disable ‘Recall’
You can also search for ‘Recall’; if it doesn’t appear, you might not have the feature yet, but it’s likely to be introduced eventually.
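For readers who want to repeat that check after every update without clicking through Settings, here is an added PowerShell example (not from the newsletter or from Microsoft) that reports whether Recall is turned off by policy or absent as an optional feature. It assumes the policy value DisableAIDataAnalysis under the WindowsAI policy key and the optional feature name Recall, and it needs an elevated session.

```powershell
# Added example: report whether Windows Recall is off by policy or not installed.
# Assumptions: DisableAIDataAnalysis (1 = snapshots off) under the WindowsAI policy
# key, and the optional feature name 'Recall'. Run from an elevated PowerShell.

function Get-RecallPolicyState {
    param([string]$Hive)   # 'HKLM' (machine) or 'HKCU' (current user)
    $key = "${Hive}:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI"
    $v = Get-ItemProperty -Path $key -Name 'DisableAIDataAnalysis' -ErrorAction SilentlyContinue
    # Returns $true only when the policy explicitly disables snapshots.
    return ($null -ne $v -and $v.DisableAIDataAnalysis -eq 1)
}

function Test-RecallDisabled {
    $state = [ordered]@{
        MachinePolicyOff = Get-RecallPolicyState -Hive 'HKLM'
        UserPolicyOff    = Get-RecallPolicyState -Hive 'HKCU'
        FeatureState     = 'NotPresent'   # most PCs do not have the feature at all
    }
    try {
        # Throws when the feature name is unknown on this build; caught below.
        $f = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction Stop
        if ($f) { $state.FeatureState = [string]$f.State }
    } catch { }

    # Treat Recall as off when either policy disables it or the feature is absent/disabled.
    $state.RecallOff = $state.MachinePolicyOff -or $state.UserPolicyOff -or
                       ($state.FeatureState -in 'NotPresent', 'Disabled')
    [pscustomobject]$state
}

function Set-RecallPolicyOff {
    # Writes the machine-wide policy so the setting survives updates and user changes.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'DisableAIDataAnalysis' -Value 1 -Type DWord
}

Test-RecallDisabled | Format-List
```

Run `Set-RecallPolicyOff` once, then re-run `Test-RecallDisabled` after each Windows update to confirm the policy is still in place.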
Notes from Operation: Defend the North 2024
In June, I had the pleasure of being part of the first cohort of “defenders” at the first Operation: Defend the North organized by siberX.
Defend the North is a cybersecurity exercise focusing on defending critical infrastructure in Canada against cyber threats. Organized by siberX, the operation aims to enhance the cybersecurity capabilities of participants through realistic simulations of cyberattacks. The exercise includes a series of workshops, training sessions, and hands-on activities designed to improve the response and coordination among various stakeholders, including government agencies, private sector entities, and critical infrastructure operators. The goal is to build resilience and ensure the security of essential services in the face of evolving cyber threats.
Here are some key takeaways from the 3-day event:
- We need to build strong threat intelligence sharing networks among organizations to identify potential threats more quickly and effectively. By conducting thorough investigations at multiple points and implementing widespread monitoring systems, we can detect and isolate threats more effectively.
- It’s important to have communication strategies for the public and businesses to prevent panic and chaos, especially during supply chain disruptions. To maintain stability, updates must be timely and transparent; collaboration with supply chain partners is essential to effectively manage disruptions.
- Corporations, government and individuals should implement a proactive cybersecurity strategy that includes regular penetration testing, detailed incident response plans, and frequent training drills. All stakeholders should be engaged in these activities, so they understand their roles and are prepared for incidents.
- Across the board, we need to enhance logging and monitoring capabilities and establish coordination mechanisms between departments and external entities. CISOs and key personnel must be trained and prepared for nation-level incidents through regular threat simulations and preparedness drills.
- Basic security controls continue to require the most focus for organizations of all sizes. Too often effort is deployed into advanced tools when basic solutions such as enhanced endpoint protection are not upgraded to meet the current threat landscape.
- Cybersecurity experts should leverage cyber insurance for proactive risk management, ensuring compliance with insurance requirements and utilizing advisory services offered by insurers. Also crucial: promote the benefits of cyber insurance, advocate for provincial mandates, and ensure organizations adhere to mandated controls.
Jack’s Top Monthly Hacks
For Businesses:
Strengthening Your Cybersecurity: Focus on the Basics and Invest in EDR
Despite the hype around AI and the increasing sophistication of cyberattacks, the reality is that most attacks are still quite basic. They often succeed because people and organizations overlook fundamental cybersecurity practices. Are you actively improving these basics?
I often discuss the five key areas of cybersecurity, and one of the questions I am asked most often by business leaders is what my number one cybersecurity recommendation for SMEs is. Assuming you already have Multi-Factor Authentication (MFA) in place, my top suggestion would be a fully managed Endpoint Detection and Response (EDR) solution. This is arguably the best investment any business can make to enhance its security posture.
For EDR to be effective, it’s crucial for it to be outsourced to a specialized security firm with 24/7 capability to respond to threats. Using internal resources often falls short in the long run due to time constraints. What happens when your team members are in meetings or asleep?
Through our partnerships, we help our members implement fully managed EDR solutions at affordable rates. Regardless of the solution chosen, ensure it can act autonomously while having real experts ready to respond immediately.
Of course, I encourage attention to three other areas: improved cloud security and backup, regular patching, and ongoing cyber awareness and phishing simulations. However, investing in fully managed EDR currently offers the highest return. Once implemented, I recommend budgeting for these other elements. None of this needs to break the bank, but it does require careful planning.
While not the most thrilling topic, these simple security measures are crucial in preventing most attacks and minimizing their impact if you do face one.
My five tips to enhance cyber resiliency:
- Multi-factor authentication (MFA) and/or two-factor authentication (2FA) on everything
- Managed EDR
- Enhanced cloud security and backup
- Managed system patching
- Monthly cyber awareness training and phishing simulations
For Individuals
QR Code Safety: What You Need to Know
We encounter QR codes everywhere nowadays, and while they offer convenience, they also pose significant risks. Cybercriminals exploit QR codes to lure people into visiting malicious websites or downloading harmful software onto their devices. They often overlay their own QR code stickers on legitimate ones, seamlessly executing malicious actions while redirecting users to the intended restaurant menu or website, leaving them unaware of the danger.
Scanning a QR code is akin to clicking on an unknown link in an email from an unfamiliar sender—something most of us would avoid. Yet, many people assume QR codes are safe. As a general rule, it’s best to avoid using QR codes altogether. However, there are situations where they’re unavoidable. In such cases, it’s crucial to have robust security software on your device. Ideally, use a QR code scanner that checks the destination beforehand to safeguard against malicious codes.
Learn more in our blog article: Seven Common QR Codes to Avoid
Sign up for the BOXX Insurance Newsletter