What happened:
In Q2 we discussed the case of CNA Insurance falling victim to a ransomware attack.
Why is this important?
CNA reported that more than 75,000 personal records – which appear to be related to employment and internal administration – were taken by the ransomware attackers before encryption began. Hundreds of systems were encrypted and CNA’s email and CMS systems were reported as inoperable for days.
What does this mean to me?
HALOCK alerted our readers to this ransomware attack urging you to speak with your cyber insurance carriers to be sure they protected the information you provided them about the security of your systems.
While this is still a good practice, we also now see another example of a pattern – the unprotected internal information. Organizations that operate formalized cybersecurity programs most often prioritize the information assets that hold regulated information, such as consumer data.
The rise of ransomware and business email compromise should remind you to pay as much attention to “internal” information (including business data, intellectual property, financial systems, financial accounts, and employee data) as you pay to regulated, consumer data.
Related threats
Malware – Ransomware
System attacks
Personnel error
Related vulnerabilities
Organizations who rely on one or few controls to protect data and files.
Helpful controls
A multi-layer approach to securing information should include:
- A data classification program.
- Least privileges assigned to users and end-user systems.
- Micro-segmentation to enforce data classification.
- MFA on sensitive information.
- Policy-based access control through IAM.
- DLP on the network and end-user workstation.
For the win … conduct a security architecture review against the new CIS Community Defense Model to determine how well your layers of defense protect your data and systems.
Commonality of attack
High
