• Cybercrime
  • Not enough executives understand cyber-risks

    Cyber-security concerns have become high-profile themes over the last few years, as shown by the Veracode report on performance summarised by eHNA, and a lack of action may be ascribed to the top leaders. A survey by the USA’s National Association of Corporate Directors (NACD) found that “Only 11% of survey respondents believe their boards have a high level of understanding of the risks associated with cybersecurity.” Alongside this deficiency, external directors have views about information from management on cyber-security and ICT risk.

      • Nearly a third said they’re dissatisfied with the quality
      • More than half said they’re dissatisfied with the quantity
      • 80% of directors believe they can improve their cyber-knowledge.

    A report in the Wall Street Journal (WSJ) says 30% of board members in healthcare say they don’t know much about ICT. This may account for healthcare’s sluggish cyber-security performance. In response, NACD wants boards to recognise cyber-security as an “Enterprise-wide risk-management issue that should be part of every board discussion.” To help with it, it’s published the NACD Director’s Handbook on Cyber-Risk Oversight. It outlines five key principles that can help directors and managers to work together to improve cyber-security:

      • Approach cyber-security as part of enterprise-wide risk management
      • Understand the legal implications of cyber-risk for the organisation
      • Assign cyber-risk management regular time on boards’ agendas
      • Require management to establish a cyber-risk management and mitigation framework
      • Identify which risks to avoid, accept, mitigate or transfer through insurance.

    NACD offers an approach that senior managers and executives in Africa’s healthcare can adopt. How quickly Africa’s healthcare can make progress depends on the cyber-security skills and knowledge of the ICT teams.

  • eHealth's not secure enough

    Cyber-security concerns have become high-profile themes over the last few years. A report on performance by Veracode, a firm that deals with app security, says for authentication protocols, "80 percent of healthcare applications exhibit cryptographic issues such as weak algorithms upon initial assessment." This is well above other sectors of the economy. For other vulnerabilities, healthcare is similar to other sectors for SQL injection, cross-site scripting (XSS) and Carriage Return/Line Feed (CRLF) injection. What will they be for Africa’s eHealth?

    Veracode selected these vulnerabilities because they’re pervasive and often exploited in severe attacks. SQL injection was the application vulnerability exploited in many web application attacks. XSS is a major vulnerability, and is more prevalent overall. Open source cryptography issues are prevalent across all applications. Attackers can use them to retrieve poorly protected data or hijack communication with an application.

    The summarised view of healthcare organisations’ performance is that they “fare poorly.” As well as being top on cryptographic vulnerabilities, they’re very low, 43%, in remedying known vulnerabilities. Solutions are needed. Veracode says remediation coaching services can make a big difference. Development organisations that use external remediation coaching services improve the security of their code by two and a half times more than organisations that don’t use remediation coaching. The difference is attributed to a lack of in-house expertise.

    It’s safe to assume that Africa’s very stretched eHealth resources may lead to a performance worse than the findings in the report. It may not be wise to assume that it’s better.

  • Ransomware's extremely lucrative

    Cybercrime is on the rise. The excessively lucrative returns may explain why. Trustwave has published its 2015 Trustwave Global Security Report. Its two most startling findings are:

      • Attackers’ estimated return on investment for exploit kit and ransomware schemes is a staggering 1,425%: it’s not a misprint
      • 98% of applications tested were vulnerable.

    No wonder cybercrime’s booming. Some of its other main findings are:

      • 28% of breaches resulted from weak passwords
      • Password1 was still the most common password and only 39% of passwords were eight characters long
      • 95% of mobile applications were vulnerable
      • 6.5 is the median number of vulnerabilities per mobile, of which 35% were critical, 45% high-risk
      • 81% of victims did not detect the breach themselves, so only 19% did
      • 86 days is the median time to detect a breach
      • 111 days is the median time of a breach, from intrusion to containment
      • 6% of spam included a malicious attachment or link.

    Despite this apparent wide-open status, the report says that “2014 may go down as the year that the rest of the world woke up to how pervasive the data security problem really is.” An important issue is how long does it take to be alert after waking up?

    Whilst neither healthcare nor Africa is represented extensively in Trustwave’s report, complacency’s not a good idea. With the huge financial incentives of ransomware and the lack of basic protection, Africa’s healthcare is still vulnerable.

  • Where's Africa in the global cyber-threat league?

    It’s towards the bottom. Norse is a cyber-security company. It has IP Viking, a real-time map of the cyber-attack origins and targets. There’s not much activity that threatens Africa. Cyber-threats originate in a few countries, and one stands out as very active.

    Cyber-crime activity in the map extends across all types of organisations. The USA’s the top country for origins and targets. Most activity seems to be recorded in the USA, Europe and China. Africa, South America and Australia seem quite quiet, except for the one active origin African country.

    With most, but not all of the cyber-threats outside Africa, it presents an opportunity to step up cyber-security before it becomes entrenched.

  • Cyber-criminals are on the march in healthcare

    There’s been a significant shift in the types of data breaches in USA healthcare. The Ponemon Institute reviews ICT security every year. Its fifth annual report, sponsored by ID Experts, says that criminal cyber-attacks are now the leading cause of data breaches in the USA’s healthcare. It’s more than doubled, up by 125%. Does this heighten the need for Africa’s healthcare to step up its data security resources?

    Its survey of 90 healthcare organisations and 88 business associates measured privacy and security trends. It’s in two main parts:

      • Privacy and security of patient data in healthcare organisations and business associates
      • Five-year trends in privacy and security practices in healthcare organisations.

    It found that:

      • 91% of healthcare organisations suffered a data breach in the previous two years
      • 40% had more than five breaches
      • 39% had between two and five breaches
      • 45% said criminal attacks were the cause of their breaches
      • 40% of healthcare security professionals said they were most concerned about cyberattacks compared to other potential threats
      • 70% said they were most worried about employee negligence
      • 43% said lost or stolen devices were the cause of breaches
      • 33% have no process for responding to data breaches and don’t perform security risk assessments
      • 50% said they aren’t confident that their organisations can detect all cases of patient data theft or loss
      • 57% said a lack of resources or budget was the greatest barrier to improving security
      • 56% say their organisation has inadequate data security expertise.

    There’s a long way to go to step up cyber-security. Data breaches cost healthcare about $6 billion a year. Each organisation’s estimated cost is $2.1 million. These findings of expanded criminal cyber-activity are a signpost for Africa’s healthcare. While the USA’s eHealth is different to Africa’s, cyber-criminals are more active. It’s getting worse, so more action seems vital.

    As the report says: “Even though organizations are slowly increasing their budgets and resources to protect healthcare data, they continue to believe not enough investment is being made to meet the changing threat landscape.” Better eHealth regulation might help, but it’s not enough. Compliance can help a lot more.

  • Botswana's cyber-security strategy's in the pipeline

    The UK government, through the Commonwealth Telecommunications Organisation (CTO), has pledged to help Botswana develop its National Cyber security Strategy. ITWEB Africa says the strategy is expected to establish a national cyber-security policy framework, develop and harmonise appropriate legislation to address cyber-security challenges, create capacity building and public awareness on cyber security issues, and establish a National Computer Emergency Response Team (CERT).

    Botswana's Minister of Transport and Communications, Tshenolo Mabeo, said "It is very important that we jealously guard the safety, security and resilience of the cyberspace, so that we can enjoy its socio-economic benefits." He added that the evolution and use of the cyber-space on shared principles, norms and procedures as an open access system is one of the greatest innovations that mankind has ever experienced, but warned that it needs protecting and guarding from cybercriminals.

    The framework aims to help to guard healthcare data, which is vulnerable to cyber-attacks. The next step after the framework is to develop and apply effective cyber-security measures. 

  • Northern Corridor states to sign cyber-security MoU

    The Northern Corridor partner states of Kenya, Rwanda, Uganda and South Sudan have committed to signing a memorandum of understanding (MoU) to collaborate on preventing and responding to the increasing cyber-crime threat in the region. ITWEB Africa says signing the MoU on a Cyber Security Framework for Cooperation and Collaboration is scheduled for the Northern Corridor Integration Summit in May in Kampala, Uganda.

    Cyber-crime is a growing concern in East Africa. Kenya loses nearly $23 million to cyber-crime annually. Uganda lost close to $575,000 to cybercrime in 2013, while Tanzania lost around $655,000.

    The MoU states that “Partner States recognise that Information and Communication Technologies (ICTs) have opened up new windows of opportunity and are tools that can accelerate their socio-economic growth. Partner States also recognise that ICTs have also introduced new types of threats such as cybercrime, cyber espionage, hacktivism, cyber terrorism, cyber warfare, to mention a few.”

    The MoU goes on to say that these threats are rising globally, proving borderless, dynamic and increasingly sophisticated. With this in mind, the countries will work together to establish a collaboration framework to prevent and respond to the threats. Cooperation includes a Northern Corridor Cyber Incident Response Team (NC-CIRT), and states sharing cyber-security information and coordinating incident handling.

    Healthcare digitalisation brings increased vulnerabilities. It’s important that all private personal data collected and stored is protected. The MoU will acknowledge the importance of protecting healthcare data and put plans in place to achieve it.

  • Phishing's a pushover

    There’s a lot of it about, and Verizon, a mobile and service provider, has been reviewing phishing as part of a review of about 80,000 security incidents in 2014. The BBC’s technology site has a simple summary.

    How long does it take for cyber-criminals to have a response to a phishing email? It takes a rapid 82 seconds. How many people who receive phishing emails reply? In many organisations, it’s about 25%. About half of these click on the message within an hour of its despatch.

    They’re tricked into opening or replying to a rigged email that gives cyber-criminals access to login credentials they can use to enter networks and steal data. It’s easier for cyber-criminals than using sophisticated malware.

    Training to spot phishing is seen as the main part of a solution to combat phishing. The average effect is a response reduction from 25% to about 5%. This improvement helps to spot bogus emails that automatic detection systems have missed. This change creates users who have a role as part of organisations’ cyber-security defences.

    Responding to phishing attacks is important too. The pace of the rapid accumulation of responses and data breaches isn’t often matched by the pace of discovering and reacting to breaches. This is part of another finding that over 99% of the vulnerabilities exploited in data breaches are known by organisations for over a year. These include using un-patched software vulnerable to longstanding and well-known weaknesses, so effective patching practices can make a significant difference.

    These aren’t technically complicated measures for Africa’s healthcare to take in their fight against cyber-crime. They do need structured and sustained responses because eHealth is vulnerable, and as it expands, its vulnerabilities expand too.

  • Keep alert for cyber-crime in Africa

    According to Haile Selassie, Emperor of Ethiopia from 1930 to 1974, “An awareness of our past is essential to the establishment of our personality and our identity as Africans.” With cyber-crime on the increase, and information system users seemingly falling behind, there are extra needs for awareness about securing Africans’ identities in the present and future too.

    For a simple guide and news, Alert Africa offers a good start. It deals with all types of cyber-threats, not just eHealth. It explains what cyber-crime is, why cybercrime’s a high priority, and how it affects Africa. With phishing a common and basic cyber-crime that’s associated with some eHealth breaches, it’s good to see a computer simulation as one of Alert Africa’s resources.

    eHNA often reports on cyber-crime and data breaches. Alert Africa offers another way to help to raise awareness about their damaging consequences.

  • Ransomware's a threat to South Africa

    Ransomware, destructive malware, is surfacing in South Africa, according to Securicom in an article in ITNEWS Africa. It’s a type of malware that stops people from using their computers and accessing their data until a ransom is paid to the creator.

    Securicom’s Richard Broeke says ransomware infections are becoming more common in 2015. “Ransomware is a very real problem that is rearing its head in South Africa. Cyber criminals literally hold a company’s data hostage. Globally, millions have been hit with ransomware,” he says.

    Ransomware encrypts data and either prevents or limits users from accessing their systems. Victims have two options. Lose their data or pay a ransom through an online payment to get it back.

    Computers are exposed to ransomware in much the same way as they are to most viruses. The malware can be downloaded unwittingly when users visit compromised websites or it can arrive as a payload, either dropped or downloaded by other malware. Others are delivered as attachments in emails that have been downloaded onto the host computer once the attachment is opened.

    Once it is in, ransomware can lock computer screens, encrypt certain files with a password, or lock files. Ransomware threats aren’t new. They first emerged in Russia around 2006.

    When it comes to prevention, Broeke says companies need to re-focus on ICT security. “Security software is only as good as the last update. With threats always evolving, security software needs to be updated, and the security status of the network, and endpoint eco-system, needs to be monitored constantly.” He also emphasises the importance of backing up data to the cloud as a defense against ransomware.

    Hospitals are not safe from ransomware attacks. Recently, eHNA reported how a US hospital’s data was held hostage by an unknown individual who accessed their system and threatened to release the data unless a substantial ransom payment was made. South African hospitals need to make sure their security system is updated continuously to protect their patient data. So do hospitals across Africa.