• Cyber-security
  • Good training’s vital for cyber-security

    Osterman Research has published Best Practices for Dealing With Phishing and Ransomware, a white paper with seven core themes:

    • Phishing and ransomware are increasing at several hundred percent per quarter, a trend set to continue for at least the next two years
    • Most organisations have been victims of phishing, ransomware and other cyber-security attacks during the past year
    • Security spending will increase significantly in 2017 as organisations realise they need to protect themselves
    • Most organisations are not seeing improved security from their security practices, and of those whose practices are effective, most are not improving over time, often because internal staff lack the expertise to keep up
    • Only 40% of cyber-security solutions and practices are considered excellent
    • Security awareness training is crucial to improve and protect organisations against phishing and ransomware, because well-trained employees are more likely to prevent breaches
    • There are numerous best practices to follow to minimise the chance of becoming a victim of phishing and ransomware, the best being security awareness training, deploying systems that detect and eliminate phishing and ransomware attempts, and looking for and remedying security vulnerabilities.

    An Osterman survey found:

    Problem                                                                     Prevalence %
    ----------------------------------------------------------------------------------------
    Email phishing attack successful in infiltrating a network                            34
    One or more endpoints had files encrypted by a ransomware attack                      30
    Malware infiltrated a network, but the entry channel can’t be identified              29
    Sensitive information accidentally or maliciously leaked by email                     17
    Email spearphishing attack infected one or more senior executives’ data               14
    Network infiltrated by a drive-by attack from employee Web surfing                    12
    Email used as part of a CEO fraud or business email compromise attack                 11
    Sensitive information accidentally or maliciously leaked from a cloud tool             5
    Sensitive information accidentally or maliciously leaked from social media             3
    Not sure how sensitive information was accidentally or maliciously leaked              1
    Other                                                                                 27

    If evidence is needed that greater cyber-security awareness is required, these survey results provide it. Africa’s eHealth has an opportunity to run its cyber-security measures alongside its new eHealth investment and minimise the damage.

  • Yahoo’s cyber-breach’s the biggest ever

    Lessons learned are a crucial part of dealing with a cyber-attack. Africa’s eHealth can learn from Yahoo’s second successful cyber-attack in three months.

    After an attack in September, Yahoo’s been attacked again. This time, more than a billion accounts are compromised. The Guardian in the UK reports it as the biggest cyber-crime haul so far. A statement from Yahoo says it’s taken steps to secure the accounts and is working closely with law enforcement agencies.

    It was law enforcers who alerted Yahoo that a third party claimed its data files were Yahoo’s user data. It was. So far, the way in hasn’t been identified.

    The stolen data included names, email addresses, telephone numbers, dates of birth, hashed passwords using MD5 and some encrypted and unencrypted security questions and answers.

    Techtarget, a security service, says the MD5 algorithm is used to verify data integrity by producing a 128-bit message digest from data input. The digest is claimed to be unique to that specific data, and MD5 is used with digital signature applications that need large files compressed securely before encryption with a secret key under a public key cryptosystem. MD5 is an Internet Engineering Task Force (IETF) standard. Passwords in clear text, payment card data and bank account details weren’t stolen.

    A possible way in was an unauthorised third party accessing Yahoo’s proprietary code to learn how to forge cookies. They used these to access users’ accounts without a password. Yahoo’s identified similarities between this activity and that of the same state-sponsored actor believed to be responsible for the previous breach.

    The company’s notified potentially affected users and taken steps to secure their accounts. These include the usual requirement for users to change their passwords. Yahoo’s invalidated unencrypted security questions and answers so they can’t be used to access accounts, invalidated forged cookies and improved security to guard against similar attacks.
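    The forged-cookie route above depends on cookies a server cannot tell apart from its own. The following is an added example, not Yahoo’s code or anything from the post, of the defensive pattern the post describes: each session cookie carries a key identifier and an HMAC tag, so a cookie is only honoured when its tag verifies under a key the server still trusts, and revoking the key identifier that an attacker may have learned invalidates every cookie minted under it at once. Key values, key identifiers and the cookie layout are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed keys for the example; a real deployment loads these from a
# secret store. Key 1 stands for a key assumed exposed, key 2 for its successor.
KEYS = {1: b"example-old-key-assumed-exposed", 2: b"example-current-key"}
CURRENT_KID = 2
REVOKED_KIDS = (1,)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_cookie(user: str, kid: int = CURRENT_KID,
                 now: Optional[float] = None, ttl: int = 3600) -> str:
    """Cookie layout (assumed): '<kid>.<base64 payload>.<base64 HMAC tag>'.
    The tag covers the key id and the payload, so neither can be altered."""
    issued = time.time() if now is None else now
    payload = json.dumps({"sub": user, "exp": int(issued + ttl)},
                         separators=(",", ":")).encode("utf-8")
    header = f"{kid}.{_b64(payload)}"
    tag = hmac.new(KEYS[kid], header.encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{_b64(tag)}"

def verify_cookie(cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user name only if the cookie is well formed, signed under a
    non-revoked key, untampered and unexpired; otherwise None."""
    try:
        kid_text, payload_b64, tag_b64 = cookie.split(".")
        kid = int(kid_text)
        tag = _unb64(tag_b64)
    except ValueError:
        return None
    if kid in REVOKED_KIDS or kid not in KEYS:
        return None  # every cookie under a compromised key dies with the key
    header = f"{kid}.{payload_b64}".encode("ascii")
    expected = hmac.new(KEYS[kid], header, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # forged or modified cookie
    try:
        payload = json.loads(_unb64(payload_b64))
    except ValueError:
        return None
    if not isinstance(payload, dict):
        return None
    checked_at = time.time() if now is None else now
    if payload.get("exp", 0) < checked_at:
        return None
    return payload.get("sub")

def tampered_copy(cookie: str, new_user: str) -> str:
    """Same key id and tag, but a rewritten subject: used here only to show
    that verification rejects a cookie whose payload was changed."""
    kid_text, _, tag_b64 = cookie.split(".")
    payload = json.dumps({"sub": new_user, "exp": 2_000_000_000},
                         separators=(",", ":")).encode("utf-8")
    return f"{kid_text}.{_b64(payload)}.{tag_b64}"
```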

    Users are directed to Yahoo’s Safety Center for advice. It includes:

    • Change passwords, security questions and answers for any other accounts using the same or similar information used for Yahoo accounts
    • Review all accounts for suspicious activity
    • Be cautious of unsolicited communications asking for your personal information, or that open a web page asking for personal information
    • Don’t click on links or download attachments from suspicious emails
    • Consider using Yahoo Account Key, an authentication tool that eliminates the need to use a password on Yahoo.

    Perhaps the most important lessons for Africa’s eHealth include:

    • Be aware of as many as possible of the ingenious methods cyber-criminals can use
    • After a cyber-breach, complete a comprehensive review of cyber-security, looking for vulnerabilities that cyber-criminals can use
    • Increase cyber-security vigilance by improving overall cyber-security
    • Make cyber-security a top priority in eHealth projects because risks are rising
    • Allocate as many sustainable resources as possible to cyber-security.

  • Here’s advice on cyber-security good practice

    Look out, there’s a cyber-thief about. Protecting, detecting and reacting in eHealth cyber-security’s becoming more important. Three measures are:

    • Protect against potential attacks with strong eHealth cyber-security, such as multi-factor authentication
    • Detect potential attacks by measures such as well-trained employees who know what to look out for and who to contact if they find something suspicious
    • React to cyber-attacks as they happen, including notifying people affected promptly and fixing the vulnerability.

    A white paper, Addressing the Growing Threat of Cybersecurity in Healthcare, by Connection and Xtelligent Media, available from Health IT Security, sets out more details on these three actions. It also describes how to deal with eHealth cyber-security business challenges. It’s important to understand the business challenges of new technology and to learn from experiences with previous events. It’s vital that all attacks, whether successful or not, are reported, logged and evaluated as a knowledge base.

    ICT teams in healthcare must know the wide range of different types of cyber-attacks. eHNA reports on them regularly, so it’s good to track them using the “Cyber-security” tag.

  • A ransomware guide sets out the steps to recovery

    Many healthcare organisations are inexperienced and under-resourced in coping with ransomware attacks. A guide from KnowBe4, Ransomware Hostage Rescue Manual, sets out technical descriptions of the actions for responding to and recovering from an attack. It also details the preventative measures needed. Africa’s health systems, eHealth governance teams and technical eHealth teams should use it as a core reference before their organisations are attacked.

    Its themes include:

    • A description of ransomware, of Bitcoins, the ransomware currency, and of The Onion Router (TOR), a network and browser that enhances and anonymises Internet traffic
    • How to identify an infection from its symptoms and from its infection vectors: emails, drive-by downloads and free software downloads to avoid
    • How to respond to an infection:
      • Disconnect
      • Determine the scope
      • Identify the ransomware strain
      • Evaluate the response options of restore, decrypt or do nothing
      • Negotiate or pay the ransom
    • The response options, in order:
      • First, restore from backup or shadow volume
      • Second, try decryption
      • Third, do nothing and lose the files
      • Fourth, negotiate or pay the ransom
      • Fifth, review the ransomware attack response checklist
    • Learn and protect from future attacks with improved:
      • Defence in depth
      • Security awareness training
      • Simulated attacks
      • Antivirus, antispam and firewalls
      • Backups
    • Implement better cyber-security resources, including a ransomware attack response checklist and a ransomware prevention checklist.

    Applying the guide needs someone with ICT skills. It’s appropriate for someone in each of Africa’s health systems’ ICT teams to take responsibility. They should be accountable to an executive, who in turn should report on progress, risks and actions to eHealth governance teams. Where these are already in place, the Ransomware Hostage Rescue Manual offers an opportunity for a comprehensive review of the effectiveness of the arrangements.

  • Africa’s eHealth needs cyber-security stepping up in 2017

    Effective cyber-security activity needs effective endpoint measures that protect networks accessed from remote devices, such as laptops and mobiles. Each device with a remote connection to a network creates a potential way in, and so a vulnerability, for cyber-security threats.

    A practical guide and checklist, ENDPOINT SECURITY Buyer's Guide, from Barkly, deals with six cyber-security challenges. Increasing numbers in each of these are alarming for Africa’s eHealth.

    A Barkly post says cyber-security has become more of a concern for businesses throughout 2016. The numbers behind the threats that companies faced in 2016 show how it’s a major challenge for Africa’s eHealth. In 2016:

    • One company detected 18 million new malware samples in quarter 3, an average of 200,000 a day, and malware is growing and evolving to bypass antivirus and other protections, so it’s hard to keep up
    • Ransomware’s on the rise, with over 4,000 attacks a day, a 300% increase over 2015, when it was 1,000 a day
    • Between January and September, ransomware attacks on businesses increased from once every 2 minutes to once every 40 seconds
    • Phishing emails containing ransomware exceeded 97% during Q3, up from 92% in Q1
    • 78% of people say they’re aware of the risks of unknown links in emails, but between 25% and 45% still click on them, with 16% to 20% saying they clicked
    • 52% of organisations that suffered successful cyber-attacks aren’t making any changes to their security in 2017, with 45% expecting budgets to stay the same and 7% expecting a budget decrease.

    The guide’s based on a set of principles. They’re:

    • It’s a common concern, with nearly 90% of security professionals concluding their current endpoint protection isn’t enough
    • Endpoint security isn’t as complicated as many security vendors’ jargon implies
    • It’s vital that organisations determine their own needs, instead of vendors doing it for them.

    From these starting points, Barkly’s guide provides a comprehensive checklist that Africa’s health systems can use. Their challenge then is the sustained action needed to improve cyber-security.

  • A cyber-security guide from US NCCIC and FBI

    A new cyber-security guide’s been released by the US National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI). It sets out a wide range of cyber-security measures that are helpful for Africa’s health systems to adopt.

    Eight best practices as mitigation measures are:

    • Backups: back up all critical information, store it offline and test the ability to revert to backups during an incident
    • Risk analysis: conduct a cyber-security risk analysis of the organisation
    • Staff training: train staff on cyber-security best practices
    • Vulnerability scanning and patching: implement regular scans of networks and systems and patch known system vulnerabilities
    • Application whitelisting: allow only approved programs to run on networks
    • Incident response: design, implement and test an incident response plan and practise it regularly
    • Business continuity: create, implement and regularly test a capability to sustain business operations without access to core systems for appropriate time periods
    • Penetration testing: attempt hacks into systems to test their security and the ability to defend against them.

    These fit into seven mitigation strategies:

    • Patch applications and operating systems
    • Application whitelisting
    • Restrict administrative privileges
    • Network segmentation and segregation into security zones
    • Input validation
    • File reputation, to tune anti-virus file reputation systems
    • Understand firewalls.

    The strategies can be the start of cyber-security measures for Africa’s eHealth. From them spring five activities:

    • Constant vigilance by all eHealth users and ICT support teams
    • Keeping abreast of new types of cyber-threats
    • Actions needed in the event of a breach
    • Acting on lessons learned as breaches and potential breaches are found
    • Accountability built into eHealth governance arrangements.

    Complete cyber-security’s an elusive goal. It should always be strived for with no complacency.

  • Kenyan government’s hacked

    It’s not only the frequency of cyber-attacks in Kenya. It’s the size and sophistication of these assaults that has government and businesses on edge. The hacking of Kenya’s Government in November 2016 has highlighted the increasing attacks in the country and spotlighted the vulnerabilities and losses to government and online businesses. An article from Arbor Networks puts the losses at a staggering US$146m a year.

    It’s attributed to the major increase in connected devices. “Kenya and its surrounding countries has continuously attracted nefarious activities by cyber criminals, and the proliferation in distributed denial-of-service (DDoS) attacks in the region is today as much a reality as it is globally,” says Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks. Infonetics Research rates Arbor Networks as the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments.

    Paul Roy Owino, president of Information Technology, Security and Assurance (ISACA), says Kenya has recorded up to 3,000 cyber-related crimes a month. They include banking fraud, money transfer using M-pesa and interference with personal data.

    Mark Campbell, consulting engineer for sub-Saharan Africa, highlights another security risk. Many IoT devices run on Open Source (OS) operating systems, mainly because it’s cheaper to develop, so more affordable and with a shorter time frame from development to use. “However, the result is that the code is poorly written with numerous security vulnerabilities. Of course the majority of users do not have the time, patience or expertise to test these for vulnerabilities, making many IoT devices, including our home appliances, a threat actors’ dream” says Campbell.

    Although government sites are generally not built solely for commerce, Hamman warns that when cyber-criminals take sites offline they often do it as a smokescreen for more devious behaviour. He says “Whilst site owners are distracted by their website being down, cyber criminals use this shift in focus to create a more threatening and targeted DDoS attack on the company or institution with the purpose of infiltrating the network and holding the victims to ransom for money or political motivations, or to steal valuable data and intelligence, such as flight plans for private or military planes, amongst others.”

    Hamman warns that:

    • Security is a multi-layered problem and a continuous process
    • A one-size-fits-all security solution doesn’t exist
    • Preparation is key
    • When under attack, every second counts
    • Organisations need people, policies and processes in place so that actionable intelligence and a practised workflow to investigate a breach are kicked off immediately
    • Organisations need pervasive visibility across their fixed, mobile and cloud networks, feeding into a threat management solution
    • Never assume that a single breach or compromise was all there was and that it’s over, because a DDoS attack is almost always part of a wider cyber-crime strategy, so the right tools must be in place to understand the breadth and scope of a breach.

    Cyber-security has become a major requirement for successful eHealth. With complex attacks on the rise, it’s more important than ever for healthcare organisations to have policies and strategies in place to protect their data and specify what they must do in response to a breach.

  • Texts have cyber-risks too

    Using unencrypted text messaging to send Electronic Protected Health Information (ePHI) is risky. SMSs are a simple, efficient and fast way to communicate with patients, carers, communities and health workers, but when it’s ePHI, cyber-security must be in place.

    A white paper, The CIO’s Guide to HIPAA Compliant Text Messaging, from ecfirst, the home of the Health Insurance Portability and Accountability Act (HIPAA) Academy, and Imprivata, a secure communication provider, sets out best practices for a secure text messaging policy in healthcare organisations. While it addresses US healthcare, its recommendations are directly relevant to Africa’s expanding mHealth initiatives. Three steps are:

    • Policy: establish an organisational policy
    • Product: identify an appropriate text messaging solution
    • Practice: implement and actively manage the solution.

    The white paper has long checklists for each of these. They’re easy to use, but not superficial.

    Once a secure text messaging solution is deployed, it’s essential it’s managed actively to sustain compliance with requirements. Tasks include monitoring log files and other audit information to sustain appropriate use. ICT administrators should:

    • Track and monitor administrator activities related to managing users and policies
    • Ensure authentication events are captured appropriately
    • Ensure message read receipts are time-stamped
    • Ensure proactive audit practices align with the established policy for managing secure, legally and regulatorily compliant text messaging frameworks.

    As cyber-security creeps up Africa’s list of eHealth priorities, SMSs mustn’t be left behind. It’s another eHealth challenge.

  • eHealth security needs smart ID says Caradigm

    Tension in eHealth is due to security demands and requirements constantly exceeding supply. Caradigm, in its report Improving Information Security by Automating Provisioning and Identity Management, says part of the solution’s a strategy to improve and sustain efficient, heightened security levels that don’t burden ICT staff. It proposes a switch from manual to automated processes for a string of activities.

    One of them, using Single Sign-On (SSO) for access management, is important, but not enough. SSO has to work in conjunction with ID management solutions to improve the inefficient processes that burden staff and create risk. Tasks include:

    • Provisioning and deprovisioning
    • Gathering information to evaluate threats
    • Proactively identifying access risk
    • Applying simplified and streamlined remedies
    • Entitlement attestation
    • Governance, Risk Management and Compliance (GRC).

    Delivering these needs more diligence and a proactive approach, every day. For Africa’s eHealth, this creates a tension in itself while the switch to more automation competes with other eHealth resources and takes time to complete. As cyber-risks increase, decisions to invest become marginally more attractive.

  • Cyber-security centre's on a budget

    Taking on cyber-criminals needs a dedicated team, a Security Operations Centre (SOC) to match them. For most organisations, it’s a big challenge in itself, with considerable recruitment, development, retention and affordability requirements. A first step is clarity on SOC teams’ role, then, how to set it up and make it effective.

    Alien Vault has an eBook, How to Build a Security Operations Center (on a Budget) that helps. It says SOCs monitor, detect, contain and remediate ICT threats across applications, devices, systems, networks, and locations. It’s comprehensive. They use a range of technologies and processes and rely on the latest threat intelligence, such as indicators and artefacts to establish if an active threat is underway, the scope of its impact if it is, and the appropriate remediation. As cyber-threats increase in volume, sophistication and severity, SOCs’ roles and responsibilities evolve too.

    The eBook deals with five themes and how Alien Vault can help:

    • People
    • Processes
    • Tools
    • Intelligence
    • The real world.

    People with the right skills, roles and responsibilities are vital for SOCs. Before embarking on the approach, it’s important to review critical security operations then identify the requirements and goals for the SOC team. Alien Vault has a SOC Skillset Matrix that can help with recruiting and staffing a strong SOC team.

    Processes need establishing. Some may be peripheral. Some are core, and these need identifying, including event classification and triage, prioritisation and analysis, remediation and recovery and assessment and audit. AlienVault Unified Security Management (USM), AlienVault Labs, and AlienVault Open Threat Exchange (OTX) can support these.

    The SOC team’ll need security monitoring tools. They include asset discovery, vulnerability assessment, intrusion detection, behavioural monitoring, Security Information Event Management (SIEM) software for log analysis and reporting, and security analytics. There are benefits in consolidating these tools into a single platform.

    Intelligence is essential for success. SOC teams need to understand the differences between tactical, strategic and operational intelligence, and how each should be used by the SOC. There may be benefits in combining crowdsourced and proprietary data sources.

    Real-world use cases are helpful in showing how SOCs work. For efficient and effective SOCs for Africa’s eHealth, a balance has to be struck between affordability, real-time risks and threats, skills, numerous monitoring technologies, intelligence and HR challenges. These combine into sustainability requirements, so solutions have to find an optimal balance that can simplify and integrate cyber-security into eHealth programmes. An alternative to a SOC may be breach and response. A SOC must ensure levels of prevention, but in the real world it can’t be expected to prevent all cyber-breaches; it should be able to minimise the damage when they do occur.