Earlier this year, I called my son’s pulmonologist at Lurie Children’s Hospital to reschedule his appointment and was met with a busy tone. Then I went to the MyChart medical app to send a message, and that was down as well.
A Google search later, I found out the entire hospital system’s phone, internet, email and electronic health records systems were down and that it was unknown when access would be restored. The next week, it was confirmed the outage was due to a cyberattack. The systems remained down for more than a month, and a ransomware group called Rhysida claimed responsibility for the attack, seeking 60 bitcoins (about $3.4 million) on the dark web in exchange for the data.
My son’s appointment was just a regular appointment. But when my son, a micro preemie, was an infant, losing access to his medical team could have had dire results.
Cybercrime is a concern for large corporations, hospitals and governments, but it also affects small businesses. In January 2024, McAfee and Dell produced a resource guide for small businesses based on a study they conducted that found 44% of small businesses had experienced a cyberattack, with the majority of these attacks occurring within the last two years.
Humans are the weakest link
When most people think of cyberattacks, they think of a hacker in a hoodie sitting in front of a computer and entering a company’s technology infrastructure using a few lines of code. But that’s not how it usually works. In most cases, people inadvertently share information through social engineering tactics like phishing links or email attachments containing malware.
“The weakest link is the human,” says Abhishek Karnik, director of threat research and response at McAfee. “The most popular mechanism where organizations get breached is still social engineering.”
Prevention: Mandatory employee training on recognizing and reporting threats should be held regularly to keep cyber hygiene top of mind.
Insider threats
Insider threats are another human menace to organizations. An insider threat arises when an employee with access to company information carries out the breach. This individual may be working on their own for financial gain or may be manipulated by someone outside the organization.
“Now, you take your employees and say, ‘Well, we trust that they’re not doing that,’” says Brian Abbondanza, an information security manager for the state of Florida. “We’ve had them fill out all this paperwork; we’ve run background checks. There’s this false sense of security when it comes to insiders, that they’re far less likely to affect an organization than some sort of outside attack.”
Prevention: Users should only be able to access as much information as they need. You can use privileged access management (PAM) to set policies and user permissions and generate reports on who accessed what systems.
Other cybersecurity pitfalls
After humans, your network’s vulnerabilities lie in the applications you use. Bad actors can access confidential data or infiltrate systems in several ways. You likely already know to avoid open Wi-Fi networks and establish a strong authentication method, but there are some cybersecurity pitfalls you may not be aware of.
Employees and ChatGPT
“Organizations are becoming more aware about the information that is leaving the organization because people are posting to ChatGPT,” Karnik says. “You don’t want to be posting your source code out there. You don’t want to be posting your company information out there because, at the end of the day, once it’s in there, you don’t know how it’s going to be utilized.”
AI use by bad actors
“I think AI, the tools that are available out there, have lowered the bar to entry for a lot of these attackers—so things that they were not capable of doing [before], such as writing good emails in English or the target language of your choice,” Karnik notes. “It’s very easy to find AI tools that can construct a very effective email for you in the target language.”
QR codes
“I know during COVID, we went off of physical menus and started using these QR codes on tables,” Abbondanza says. “I can easily plant a redirect on that QR code that first captures everything about you that I need to know—even scrape passwords and usernames out of your browser—and then send you quickly onto a site you don’t recognize.”
Involve the experts
The most important thing to remember is that leadership should listen to cybersecurity experts and proactively plan for issues to arise.
“We want to get new applications out there; we want to provide new services, and security just kind of has to catch up,” Abbondanza says. “There’s a large disconnect between organization leadership and the security experts.”
Additionally, it’s important to proactively address threats through human power. “It takes eight minutes for Russia’s best attacking group to get in and cause damage,” Abbondanza notes. “It takes about 30 seconds to a minute for me to get that alert. So if I don’t have the [cybersecurity expert] team that can respond in seven minutes, we probably have a breach on our hands.”
Photo courtesy Tero Vesalainen/Shutterstock.com