WAINTRAUB CYBER SOLUTIONS

Buckle Up! CYGNVS’ Cybersecurity Predictions for 2024

12/11/2023

Link: https://info.cygnvs.com/resources/insights/buckle-up-cygnvs-cybersecurity-predictions-for-2024

Strap in and prepare for a wild ride in 2024, as it is already shaping up to be a pivotal cybersecurity year. Bolstered by generative AI (Artificial Intelligence), ransomware uptrends, evolving regulations, and a booming cybercriminal economy, threat actors have more resources to launch detrimental attacks on organizations of all sizes.

“In 2024, we will witness a heightened emphasis on preparedness and response, spurred by impending SEC regulations and the recognition of an ever-evolving threat landscape, where adversaries often outpace our defenses with new challenges. As we approach 2024, I am reminded of a 2,000-year-old lesson from Epictetus: ‘It's not what happens to you, but how you respond’ – a timeless wisdom that resonates now more than ever,” says Kevin Gaffney, CTO at CYGNVS.

According to Cybersecurity Ventures, global cybercrime costs are projected to grow by 15% annually over the next two years, reaching a staggering $9.5 trillion in 2024 and $10.5 trillion by 2025. To help organizations brace for what lies ahead, our team of cybersecurity experts at CYGNVS shares five trends expected in the coming year:
  1. Adversarial AI Attacks: The use of AI in cyberattacks will increase, enabling threat actors to automate and optimize their attack strategies by accelerating and expanding every aspect of their toolkit. AI-driven attacks will make it difficult for traditional cybersecurity measures to keep pace and identify these threats effectively. 
  2. Ransomware Evolution: Ransomware attacks will become even more sophisticated and opportunistic. Cybercriminals will employ advanced tactics, such as AI-driven attacks and exposing supply chain weaknesses, making it increasingly challenging for organizations to defend against and recover from these attacks. Ransomware demands and extortions will continue to increase as the volume of ransomware attacks continues to increase across all sectors and industries.
  3. Critical Infrastructure Threats: Critical infrastructure, including power grids, hospitals, and transportation networks, will continue to be at higher risk of cyberattacks. Nation-state actors and cybercriminal groups will continue to target these environments, potentially causing significant disruptions and endangering public safety. 
  4. IoT (Internet of Things) and 5G Vulnerabilities: The widespread adoption of IoT devices and the implementation of 5G networks bring forth unparalleled connectivity but also expose new vulnerabilities. IoT devices, often characterized by weak security measures, become prime targets for exploitation. Simultaneously, the high-speed and low-latency capabilities of 5G introduce novel security challenges. This combination creates an expanded attack surface, enabling faster and more impactful cyberattacks that organizations must prepare to thwart. 
  5. Regulatory Transformation: A significant shift is occurring with regulations, exemplified by the recent implementation of SEC cyber disclosure rules in December. We anticipate a broader trend of governments and regulatory bodies enacting stringent cybersecurity reporting regulations. “In 2024, new SEC cybersecurity regulations will lead organizations to experience a Sarbanes-Oxley moment transforming how they approach cybersecurity,” says Kevin. Organizations will face greater scrutiny and potentially severe penalties for data breaches and security lapses. Tighter cybersecurity regulations and mandates will hold C-suite executives and boards accountable.
Cybercriminals will continue to evolve their methods and tactics, while organizations must adapt their cybersecurity response measures. Discover how CYGNVS can help your organization minimize the impact of a cyberattack, to quickly recover and reduce business interruption with the confidence of CYGNVS.  



The 3 Most Prevalent Cyber Threats of the Holidays

12/8/2023

Link: https://www.darkreading.com/vulnerabilities-threats/3-most-prevalent-cyber-threats-holidays
Chaos and volume of holiday season sales make a perfect storm of threat opportunity. Companies need to prepare — and practice! — action plans, identify key stakeholders, and consider cyber insurance.


As many of us deck the halls, some folks are dealing with the cybersecurity holiday season — that perilous time of year rife with breaches, attacks, and threats in far greater frequency than in any other time of year. Salesforce forecasts 4% global and 1% US year-over-year online sales growth across November and December — reaching $1.19 trillion and $273 billion, respectively. The surge in cyber business is a welcomed challenge to any organization, with many generating the highest volume of sales per month during those few months.
The chaos and volume of the holiday season doesn't only affect retail organizations. Partners, developers, manufacturers, supply chain, technology providers, communication providers, transportation, support systems, and more are involved in orchestrating a smooth, successful holiday shopping season. These organizations all rely on technology to create, sell, supply, transport, and collaborate. The impact of the season is broad and wide, with connections that span organizations.
For Threat Actors, That Translates to Opportunity
The increased threat activity isn't just due to the volume of business being transacted over technology. There is a perfect storm brewing during that season — a culmination of complexity, resource constraints, and vulnerabilities.
Three threats are most prevalent during the holiday season:
  • Increased traffic upsets the balance. As business picks up, networks are strained, and employees are busier than usual. Slower networks can leave a company more vulnerable to denial of service (DoS) attacks, and resource-constrained employees may not be able to respond to threats as quickly as they can in other seasons. Attempted ransomware attacks, for example, are predicted to increase 70% in the months of November and December, as compared to January and February, with threat actors often assuming resource-constrained businesses will simply pay the ransom.
  • The deals are often too good to be true. Phishing attacks also increase as consumers shopping on their employers' networks are more apt to click a link while looking for a better deal, to stay within their holiday budget. According to experts, there is a 30% increase in the average number of ransomware attacks over the holiday period compared with the prior months.
  • The experts have left the building. Often, employees are out of the office on holiday between the months of November and January, offline, taking their expertise and acute understanding of specific systems with them. This increases the overall vulnerability of an organization.
Preparing a Defense
While the threat of a cyberattack is unavoidable, what you can control is how prepared you are for a threat, how quickly you can respond, and your ability to report on that crisis in a timely fashion to regulators, customers, and partners.
For businesses aiming to enhance their preparedness, I suggest taking a few crucial steps.
  1. Identify your team: Outline everyone’s roles and responsibilities — from internal stakeholders to external partners such as legal, insurance, and forensics. Having this clarity in a crisis facilitates a more efficient and rapid response.
  2. Have a plan: Focus on developing a plan with concrete tasks and next steps enabling your team to mobilize swiftly and efficiently.
  3. Practice your plan: Simply having a plan in place is insufficient. In my experience as an incident responder, I've encountered numerous situations where organizations had plans but never practiced them, resulting in their inability to efficiently recover their businesses. As my high school hockey coach often said, "Practice makes perfect," and that also goes for your incident response plans and almost everything else in life.  
  4. Have a place to communicate securely and confidentially: I've witnessed threat actors compromising IR engagements due to an IT personnel inadvertently emailing the CEO's business email during a live ransomware incident — thus informing the threat actor that digital forensics and incident response, legal, and insurance were involved. We continue to see this happening in the industry. Establishing a secure out-of-band place to communicate and collaborate is integral in your response and recovery efforts.
The holidays may be the most wonderful time of the year, but they're also the most prevalent time for cyberattacks. With a few simple steps, however, you can make strides to ensure your business is prepared for whatever the next few months have in store.


Alex Waintraub On Why the US Government is Getting Serious About Medical Device Cybersecurity - An Interview With David Leichner

12/7/2023

Link: https://medium.com/authority-magazine/alex-waintraub-of-cygnvs-on-why-the-us-government-is-getting-serious-about-medical-device-2e05e4588551

In an era where technology is revolutionizing healthcare, medical devices — from pacemakers to insulin pumps to hospital imaging machines — are becoming increasingly interconnected. While these advancements offer unprecedented benefits, they also expose healthcare systems and patients to new cybersecurity risks. Cyberattacks on medical devices can result in compromised patient safety, data breaches, and even loss of life. Acknowledging the gravity of the issue, the US Government is ramping up its focus on medical device cybersecurity through regulations, initiatives, and collaborations with industry stakeholders. As a part of this series, we had the pleasure of interviewing Alex Waintraub of CYGNVS.
Alex Waintraub is a cyber security professional and currently the DFIR Expert Evangelist. With over a decade of experience in IT, Security Operations, and DFIR, he possesses in-depth knowledge of security analytics, leadership qualities, and the ability to work with small- or large-scale cyber security teams. He has been a part of cybersecurity operations for several global retail, commercial, financial, and technology enterprises. He graduated with a bachelor’s in Information Technology and Network Security from NYIT.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about CYGNVS and your role at the company?
Absolutely. CYGNVS is the Latin word for swan. Cyber breaches are common, but cyber crises are black swan events for most organizations. In the age of evolving technology, we know it’s no longer a matter of if a cyber incident can happen — but when. Moreover, The World Economic Forum found that 95% of cybersecurity breaches are caused by human error. The CYGNVS Cyber Crisis Command Center was created to bridge a critical gap in preparedness with a solution that provides a safe, secure, and guided space to swiftly work through a cyber crisis. I am a Digital Forensics and Incident Response (DFIR) professional at CYGNVS. In my role, I lead security operations for our clients to build incident response plans while triaging, validating, and defending against escalations for a range of security incidents.
Are you working on any exciting new projects now? How do you think that will help people?
We are always working on new innovations to provide organizations with a safe space during the stressful moments of a cyber incident. We built the CYGNVS platform to be a safe harbor by creating an out-of-band system that acts as a secure and separate “war room” to get them back on their feet to safety. We’re extending that secure and out-of-band approach to our incident command center, enabling connection with an ecosystem of trusted experts while allowing organizations to maintain ownership of their sensitive data. Additionally, we’ve enabled legal teams to generate comprehensive regulatory and compliance reports that include incident timelines, risk assessments and other critical data points that are protected and accessible only to designated participants. Through our out-of-band incident command center, lawyers, forensics specialists, insurers, and other expert consultants are available with a click to help businesses respond and recover during a crisis.
Ok, thank you. Let’s now move on to our main topic. For the uninitiated, can you explain the nature and scope of cybersecurity threats to modern medical devices? How significant is the risk in comparison to other sectors?
Of course. When we talk about medical devices, we refer to various technologies, from simple thermometers to complex machines like MRI scanners. All these devices, big and small, are susceptible to cybersecurity threats. Additionally, the interconnected nature of these devices in a healthcare setting amplifies the risk. For instance, a basic device like a tongue depressor may not pose a cyber threat, but devices involved in treatments connected to remote systems or the cloud can be vulnerable. Cyber threats in healthcare are significant due to the potential for remote interference, data breaches, and the interconnectedness of devices that can cause a domino effect if one system goes down. The risk is substantial, especially when considering the potential impact on patient safety and the integrity of healthcare systems. Threat actors are typically attracted to critical healthcare data, often for the implications of potential financial gain. Research has found that 86% of breaches are financially motivated, and 10% are motivated by espionage. According to the American Hospital Association, healthcare organizations are particularly targeted by cyber-attacks because they possess large amounts of high-value information. Take the 2017 WannaCry ransomware attack, for example. The widespread attack infected 230,000 computers across 150 countries in just hours. The attack also targeted the U.K.’s National Health Service systems, causing cascading issues, including delays in non-urgent surgeries, canceled patient appointments, and the inability to access patient records.
Could you highlight some key regulations or initiatives that the US Government has introduced or proposed specifically targeting medical device cybersecurity? How have these been received by industry stakeholders?
To address recent breaches within the industry, the 2023 omnibus package signed by President Biden requires device manufacturers to provide key cybersecurity information to the FDA before market release. The FDA, in response, has implemented legally binding guidelines and received a $5 million boost to enforce these rules. With these regulations in place, manufacturers must prove their ability to address cybersecurity vulnerabilities post-market release, including patching and vulnerability disclosures. Industry stakeholders, such as the Medical Imaging & Technology Alliance, have generally welcomed the FDA’s flexibility in implementing these cybersecurity provisions. This underscores the necessity for manufacturers and healthcare providers to proactively plan for potential cyber threats. Implementing a secure out-of-band incident command center is crucial for rehearsing responses to potential cybersecurity incidents.
From a manufacturer and healthcare provider perspective, what are the most pressing challenges in adapting to and complying with these cybersecurity regulations? Are there any unforeseen hurdles they’ve had to navigate?
While these regulations are necessary, they do pose new challenges for manufacturers and healthcare providers. Some of the most prominent issues include updating devices with outdated operating systems, addressing known vulnerabilities, and ensuring the connectivity and interoperability of devices. The industry as a whole faces the need for additional staff to review cybersecurity information, the development of programs to respond to vulnerabilities, and the release of comprehensive guidance. Plus, requiring a software bill of materials and external testing adds transparency but may be a bit tricky to put into action.
With regulations becoming more stringent, do you think this might impede or slow down the innovation of medical devices? How are manufacturers ensuring both security and the continuous advancement of medical technology?
While stringent regulations aim to enhance cybersecurity, there’s a concern about their impact on the pace of innovation. The FDA’s decision not to outright reject new device applications, instead working with sponsors to address deficiencies until October, reflects a balance between security and innovation. Manufacturers need to find a middle ground, ensuring the continuous advancement of medical technology while meeting cybersecurity standards. Collaboration between industry stakeholders and regulatory bodies is crucial to strike this balance.
What are your “5 Things Everyone Should Know About Medical Device Cybersecurity?”
  1. Understand the connected complexity of every device: The more complex and interconnected a medical device, the higher the cybersecurity risk. For example, I worked on a cyber incident in 2020, where ransomware crippled operations at a major hospital — we observed unauthorized access to a doctor’s laptop we initially thought was random. However, that doctor was a Cardiologist and could access individual pacemakers. There was a high probability the threat actor was trying to cause more damage by potentially turning off or changing the pace of someone’s pacemaker.
  2. Regulatory Expectations are rising: With new authorities like the Protect Access to Confidential Healthcare Act (PATCH Act) and final guidance on premarket cybersecurity controls, the FDA is signaling this risk area will receive heightened scrutiny. It is up to healthcare and medical device organizations to understand these regulations and plan for compliance accordingly.
  3. Response agility should be mandatory for resilience: While perfect prevention is impossible, evidence shows organizations recovering within hours versus days or weeks can minimize overall business impact. I have so many first-hand stories where it took hospitals weeks to recover due to legacy protocols and zero incident response (IR) planning. I believe that healthcare organizations that exercise regular IR planning and practices like “fire drills” are the ones who stand out for maintaining operations through potentially detrimental incidents.
  4. Transparency through bills of materials: Manufacturers are now required to provide regulators with a software bill of materials (SBOM), enhancing transparency by detailing the components of their software, akin to an ingredient list.
  5. The importance of balancing innovation and security: Striking a balance between innovation and security is crucial. While regulations aim to enhance cybersecurity, collaboration between industry and regulators is essential to ensure the continuous advancement of medical technology.
Let’s talk about the future. Considering the pace of technological advancements and the growing emphasis on cybersecurity, where do you see the future of medical device security in the next 5–10 years? Are there emerging technologies or methods that hold particular promise in safeguarding patient health and data?
My prediction is that there will be a significant focus on advancing medical device security through the integration of encryption, blockchain for data integrity, and AI-driven threat detection. Manufacturers and healthcare providers must strategically plan for the seamless incorporation of these advancements into their response plans. Secure collaboration among stakeholders, including manufacturers, healthcare providers, and regulators, will be crucial in creating a collective defense against emerging cyber threats. Continuous planning, preparation, and a secure out-of-band area to communicate with internal and external providers to ensure rapid response will be crucial for any business. Even more so, a secure place to track an incident response and report to regulatory bodies will be key. I predict this will become standard practice as more organizations understand that a proactive and resilient approach is the best way to safeguard patient health and data.
This was very inspiring and informative. Thank you so much for the time you spent on this interview!
About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.

    Alex Waintraub

    Alex Waintraub is a seasoned cybersecurity professional with over a decade of experience in IT, Security Operations, and DFIR. He excels in security analytics and leads both small and large-scale cybersecurity teams. For the past decade, Alex has specialized in managing security operations, including triage, validation, and escalation of incidents. His expertise spans SOC enhancements, Incident Response Plans, ransomware negotiations, threat hunting, and intelligence operations. He delivers robust cybersecurity services to global clients across multiple industries and speaks at national conferences and his NJ Cyber Fireside Chat (cyberfiresidenj.com).
