by Dr. Jose I. Delgado

The explosive growth of digital technologies around the world is opening new potential domains for conflict and the ability of both State and non-State actors to carry out attacks across international borders, the United Nations High Representative for Disarmament Affairs said today as the Security Council held its first-ever open debate on maintaining peace and security in cyberspace.

https://www.un.org/press/en/2021/sc14563.doc.htm

The digital world is rapidly expanding and evolving, and likewise, as are cybercriminals who have relied on the illegal use of digital assets—especially personal information—for inflicting damage to individuals. One of the most threatening crimes of all internet users is that of ‘identity theft’ (Ramanathan and Wechsler, 2012) which is defined as impersonating the person’s identity to steal and use their personal information (i.e., bank details, social security number, or credit card numbers, etc.) by an attacker for the individuals’ own gain not just for stealing money but also for committing other crimes (Arachchilage and Love, 2014). Cyber criminals have also developed their methods for stealing their information, but social-engineering-based attacks remain their favorite approach.

https://www.frontiersin.org/articles/10.3389/fcomp.2021.563060/full

Data breaches are rife and ransomware attacks are soaring in number and severity the world over. While we may not hear about these incidents as much as we do Covid, cybercrime is now so pervasive that organizations are being called on like never before to safeguard against this equally insidious and invisible threat.

https://kordamentha.com/insights/2022-and-the-rise-of-cybercrime-–-making-headlines

Cyber security experts agree that cybercrime is increasing. COVID added to this growth by accelerating remote operations in just about every field. The fact that many people started to rely on their security devices and home networks was the perfect gift for cyber criminals.

Mr. Stuart Rauch wrote about this problem in an article published on Simplilearn titled “CyberSecurity and the Threat of Mobile Devices: A Perfect Storm”. In this article, Mr. Rauch identified the following ways in which employees’ use of mobile devices puts themselves and their organizations at risk:

  1. Data leakage: Mobile apps are often the cause of data leakage because users give the apps on their phones all kinds of permissions without checking security. These apps can send personal and corporate data to a remote server.
  2. Unsecured WiFi: When employees are out and about, they’re accessing corporate networks with little or no thought to the risk posed by public WiFi networks that are not secure, when at coffee shops, waiting at airports, or even while at a sports event.
  3. Network spoofing: Speaking of public places, network spoofing is another user-caused vulnerability. Hackers set up fake access points that look like Wi-Fi networks in high-traffic public locations such as coffee shops, but they are traps. When users are prompted to create an account to access this free WiFi, they typically use an email address and password they’ve used elsewhere. Then what? Then the hackers gain access to email and other secure information, including corporate data.
  4. Phishing: Apparently, people checking email on mobile devices are much more vulnerable to phishing attacks since they check their email so frequently. In addition, on a smaller screen, it’s easier for a phishing email to pass as a legitimate one.
  5. Spyware: Simply put, spyware is software that gathers data from a computer or other device and forwards it to a third-party.
  6. Broken cryptography: Broken cryptography happens when app developers use weak encryption algorithms with known vulnerabilities because they want to develop the app faster. Broken cryptography also happens when app developers use strong encryption but leave open back doors.
  7. Improper session handling: Improper session handling results from apps being built in such a way that users don’t have to re-authenticate their identity. Yes, this makes using mobile apps faster, but it makes it easier for a hacker to impersonate legitimate users.

The American Hospital Association (AHA) and the Cybersecurity and Infrastructure Security Agency (CISA) not only agree that the risk has increased but have also issued warnings for organizations and individuals to be alert and prepared in case they become targets of a cyber crime. CISA has posted recommendations that, if implemented, will decrease and/or reduce the damages in case of an attack.

CISA’s recommendations are as follows:

Cybersecurity measures and suggested steps:
1. Reduce the likelihood of a damaging cyber intrusion.
  • Check all remote access privileges to your data, computers, devices, and network.
  • Find out if your IT team follows the Principle of Least Privilege (PoLP). This can be likened to HIPAA’s Minimum Necessary. In simpler terms, only authorized people who need access to specific data, software, etc., should be given IT privileges.
  • Require multi-factor authentication. Nowadays, a username + password login procedure is NOT enough protection.
  • Ensure that your IT team has reviewed and secured all ports and protocols.
  • If you utilize cloud services, find out if your IT team has applied strong controls. CISA guidance on cloud services: https://www.cisa.gov/uscert/ncas/analysis-reports/ar21-013a
  • Conduct a Security Risk Assessment (SRA), and apply a Security Management Plan.
2. Take steps to detect a potential intrusion quickly.
  • Confirm whether your IT team is vigilant in recognizing unusual or unexpected network behavior.
  • Ascertain that your network, computers, and mobile devices have updated and robust antivirus/antimalware software.
3. Maximize the organization’s resilience to a catastrophic cyber incident.
  • Examine data backup procedures and validate whether your backup data are adequately protected and isolated from network protections.
  • Be prepared and take the necessary steps so that vital functions remain operable if your network is unavailable, untrusted, or attacked.

I personally have worked with companies that ignore the warnings based on the concept of “not me”. I have others that simply do not want to expend the money or effort to increase their security. Sad to say, we are now working on the remedial steps, as they have been victims of a successful cyber attack.

I used to say that if you offer medical services in the United States, being sued for malpractice was not an if but a when. Now, with cybercrime, I have basically expanded that to include everyone (organizations and individuals) globally.