Two recent articles highlighted the quickly evolving – and increasingly impactful – fallout relating to cyber incidents, including encryption-less ransomware (and double/triple extortion), the costs of a breach, the cyber insurance impact, and the need to notify relevant parties, from customers to regulators.
We’ll draw lessons from these news items, with a view to ensuring your organization is fully equipped to deal with the challenges that can have a material impact on your business, and even your career.
Story #1: Columbus, Ohio Data Breach: The Fog of Uncertainty
The ransomware attack on Columbus has potentially compromised the personal data of nearly half a million citizens and numerous city employees, but details remain scarce a month after the breach. City officials, led by Mayor Andrew Ginther, have been tight-lipped, providing minimal information about the extent of the damage or how services have been affected. Initial claims that the city thwarted the attack have been questioned, as a cybercriminal group called “Rhysida” demanded $1.66 million in Bitcoin and began leaking sensitive data on the dark web.
Ginther’s assurances that the leaked data was unusable were quickly debunked by cybersecurity experts, revealing that significant amounts of personal information were indeed compromised. Despite public concern, city officials have not disclosed which systems were breached or the full extent of the data stolen. The ongoing federal investigation has been cited as the reason for the lack of transparency.
There is no clear estimate of the financial impact, but the city has already spent over $500,000 on credit monitoring for employees, and the cost is expected to rise significantly, especially with the expansion of credit protection to affected citizens. A class-action lawsuit is underway, and the city’s response to the attack continues to be scrutinized.
It’s thought that the major issue here is that no one knows exactly what’s been taken, what’s been accessed, and certainly there is no control over data already exfiltrated.
While these may seem par for the course when it comes to an attack like this, the reality is a lot different.
With ITsMine, companies get unparalleled protection against data breaches, even in the face of double or triple extortion ransomware attacks.
Key Highlights:
- No need to notify customers about a breach
- Complete visibility of leaked files
- Enhanced protection with the ability to render leaked files inaccessible
- Evidence that ensures no unauthorized access attempts
Imagine a world where, even after a data leak, you can rest easy knowing your customers’ information is secure and notifications are unnecessary. This is the power of ITsMine.
Story #2: Healthcare is the Cyber Security Canary in the Coal Mine
The expression “canary in the coal mine” refers to an early warning signal of danger or trouble, originating from the practice of using canaries in coal mines to detect toxic gasses before they could harm miners.
In this case, the healthcare sector is acting as that canary when it comes to the cyber threats organizations are likely to face in the near future.
John Riggi, the National Advisor for Cybersecurity and Risk for the American Hospital Association, talks about the critical risk facing the industry and warns others that they could be next.
In a recently released article titled “Third-Party Cyber Risk Impacts the Health Care Sector the Most. Here’s How to Prepare,” Riggi notes the following:
- Enterprise-wide risk: Cyberattacks in healthcare (and other industries!) are not just an IT issue but an enterprise risk, threatening patient care, safety, and overall community health.
- Impact of third-party breaches: Attacks on third-party providers can be more disruptive than direct hospital attacks, affecting critical healthcare services and having a widespread impact across regions.
- Increased targeting: Cybercriminals focus on healthcare due to the strategic value of third-party providers, with a significant increase in breaches related to health care business associates.
- Hub and spoke strategy: Cybercriminals use a “hub and spoke” approach, targeting a single third-party provider to disrupt multiple healthcare organizations, making third-party risk management essential.
- Preparation strategies: Healthcare organizations should bolster their third-party risk management programs by reviewing governance, implementing risk-based controls, ensuring clear communication, and preparing for incident response and recovery.
Again, accepting the status quo just isn’t good enough anymore. The fact that ITsMine offers the following functionalities means that organizations not protecting themselves with this readily available technology will face serious questions.
With ITsMine, however, you can be safe and secure. If there’s a suspected 3rd-party breach, you can:
- Know exactly which files were accessed
- Who they belong to
- What the details are
- Who needs to be notified (and who doesn’t)
- Have the ability to kill all sensitive files remotely
You’re in control of your own data, no matter where it is! This is nothing short of revolutionary.
Conclusion: 1 Important Message About Data Breach Costs, 3rd Party Risk, Cyber Insurance, Notifications, and Encryption-less Ransomware
The ground underneath cyber security and resilience has shifted. Increasingly, the major issues that need to be addressed revolve around data breach costs and notifications, 3rd-party vulnerabilities, cyber insurance, and encryption-less ransomware.
ITsMine addresses all of these risks in one powerful solution. To learn more, get in touch with the ITsMine team today.
ITsMine changes the game by providing immediate information on what was stolen or accessed, where it is, and who owns it. This enables you to notify only the relevant parties, cutting down on costs and minimizing disruption. Any sensitive data can be remotely deleted.
The circle of notification becomes a pinprick: regulators are satisfied, cyber insurers are overjoyed, and it’s business as usual for you.