Healthcare is one of the most heavily targeted industries when it comes to cyberattacks. The only other industries that are typically targeted as much as or more than healthcare are financial institutions and government agencies (no surprise there). One of the main ways that healthcare companies are targeted is through the interconnected devices that exist in the building. If you think of a hospital room, you can imagine all of the different devices used to monitor the patient, collect information on them, administer drugs and so on.
On average, a security breach costs about $3.68 million globally, $6.75 million in Canada and $8.64 million in the United States. It’s common knowledge that a cyberattack does damage to a company, but it’s not so obvious how a cyberattack may affect a company’s underlying value. Obviously there’s a labour cost for all the employees who will work to fix it, but there are many other ways that a cyberattack costs a company money that may not be apparent.
While GitHub is a great place for sharing code, it’s also a common place for people to accidentally leak company secrets. The problem is that when developers post code to GitHub, they can unintentionally post company information that is hidden within that code, including but not limited to IP addresses, domain names, passwords, usernames, emails and access keys.
WordPress is one of the most popular platforms for creating websites. It supports roughly 40% of all websites on the internet, and that makes it one of the most targeted platforms for hackers. It’s common for websites to get hacked due to poorly designed plugins, themes or just out-of-date software. In response to this, many companies have developed plugins for WordPress that help people protect their websites from getting hacked. This list highlights some of the best security plugins that you can use to protect your website.
Cyber threat intelligence is all about gathering information about threats and threat actors that may help mitigate harmful events. Every day new types of malware are being created, and it’s not realistic to expect your security staff to keep track of this information on their own. There are just too many moving pieces, so cyber threat intelligence is important to help you focus on what matters most to you. Companies do this by gathering information on threats that are targeting companies with a similar profile to their own. For example, if you’re a financial institution in North America, there are threat intelligence groups and sources that provide actionable intelligence tailored specifically for financial institutions in North America.
An often overlooked aspect of securing your business is how you deal with third-party vendors. As part of your business you may need to share information, software or access to your computer network with other businesses, and this creates a potential security risk. Any information that you share with a third-party vendor is still your responsibility. If they have a data breach, you have a data breach, and you will be responsible for notifying your customers and regulators, the same as if your company was the one that was hacked. Also, hackers can use the connections between different companies as a means to pivot from one company to another.
For penetration testing there are several tools that are used within the industry. You could go and download each of these programs individually, but this isn’t usually how it’s done. The more efficient and industry-standard way is to use a pre-made distribution that comes installed with all the penetration testing tools you would need to do your job. Two of the most popular distributions for penetration testers are Kali Linux and Parrot OS.
Infosec stands for information security, which is the process of protecting a company’s information assets from all types of risk. While cybersecurity focuses solely on protecting information assets from cyber attacks, information security is a superset of cybersecurity that includes physically securing information assets.
System hardening is the process of securing a computer system by reducing the number of vulnerabilities that it has. When a computer is initially purchased and set up, its default configuration can contain many non-essential services and settings that may be used by hackers to get access to the system. System hardening is the process of removing or changing these default settings so that a computer can be as secure as possible before it is used in production.
A patch is a set of changes for computer software that is meant to update, fix or otherwise improve the program. Most patches add new features, fix bugs or optimize software in some way, but many patches are for security purposes. When developers are made aware of a security issue in their software, they create a fix for that issue and distribute it to users in a new patch.