With serious problems emerging as cyber-criminals & nation-state attackers both target the healthcare sector, Microsoft very generously, is ensuring that its ’AccountGuard’ threat notification service is now available free of charge to what it describes “healthcare providers on the front lines.”
World Health Organisation (WHO)
This significant gesture follow-on from multiple news stories outlining how the World Health Organisation (WHO) as well as hospitals in the UK, US & throughout Europe have been targeted.
Recent attacks on the Brno University Hospital in the Czech Republic “resulted in delays in COVID-19 testing, new patients being turned away and treatments being postponed,” Tom Burt, Corporate VP, Customer Security & Trust at Microsoft, explained.
There have also been others. One attack which hit the Champaign-Urbana Public Health District Health Agency website, Illinois, Burt observed, “have held up access to critical COVID-19-related healthcare guidance.” “Further, what most of these attacks share is that they involve email & also people, or a precisely targeted email and person.” Targeted, spear-phishing, of course.
This is where the ‘AccountGuard’ service proves so valuable, because it works by monitoring enterprise mailboxes & also personal email accounts for activity that would show that an organisation is being attacked. If such activity is seen, Microsoft notifies them as to the nature of the threat & also provides further advice as to what steps to take in order to stop it.
This system as originally developed to protect US Congress members, political campaigns & non- profit groups,
Microsoft is now extending this service, on a free of charge basis, to “healthcare providers including hospitals, care facilities, clinics, labs & clinicians providing front line services as well as pharmaceutical, life sciences & medical devices companies that are researching, developing & manufacturing COVID-19-related treatments.”
Humanitarian \ Human-Rights organisations also are having the service offered to them.
“Microsoft AccountGuard being offered free of charge to healthcare teams and humanitarian groups is most definitely a positive occurrence,” outlined Tim Mackey, Principal Security Strategist at Synopsys CyRC (Cybersecurity Research Center), “at its core is a recognition that some threats are from attackers seeking maximum disruption and possessing significant resources – think foreign governments and well-funded criminal enterprises.”
AccountGuard is certainly an effective tool that uses the considerable resources of Microsoft, & attempts to equalise this ‘playing field’.
Where does everyone else stand? “For the rest of us,” Mackey continued “there are of course any number of threat intelligence services available.”
Each will have its own strengths, but in selecting an appropriate mix for your organisation, it’s “important to understand what your risk of targeted threat versus opportunistic threats might be,” Mackey further observed.
This means that in practice performing an ‘open & honest assessment’ of both the business & also its particular approach to cyber-security. “The outcome from this exercise, is the ‘threat model’, & it can then inform how best to spend limited cyber-security funds,” Mackey reasoned.
The cyber-awareness factor is as ever to the fore. “Coronavirus-based phishing attacks have certainly seen a dramatic increase over the past few months,” Alyn Hockey, VP of Product Management at Clearswift, cautions too, “and people are more distracted & vulnerable to clicking than they might usually be.”
The triumvirate combination of Technology, Training and Awareness all will be needed to deal with this problem, related Hockey.
“In fact, this crisis can actually act as a trigger for organisations to reinforce their cyber-security processes and to remind employees of the need for extra vigilance. It should then certainly extend additionally to providing advice, and also technical help, to make sure employees are as well-protected working from home, as they are from the office, & reinforcing the processes for what to do if a breach has occurred.”
Pascal Geenens, who is known as a ‘Cyber-Security Evangelist’ at Radware, has seriously warned that “While cyber-awareness plays a big part, it is not enough in times where scams and phishing attempts have a rich arsenal of different angles to entice and trick victims.”
Since the lock-down, many people have felt totally overwhelmed by the volume of email invitations for ‘Virtual Meetings’. Time is finite, & something may give. That ‘something’ could be responsible for a sudden breakdown of focus, and then for subsequently for a mistaken click.
“Any technology that can help people view what is in their inbox and lower the probability of accidentally setting off a ransomware incident is a very welcome addition,” Geenens also then noted.
For instance, he has now ‘re-found’ his ‘Microsoft Outlook Focused Inbox’ during the recent weeks of this pandemic. So, instead of disabling this as he would have done previously, he will now use it, in his own words “to prioritise urgent emails which I focus on at the start of the working day. Once these messages are dealt with, I attend to the remaining messages, taking extra care when clicking links and avoiding directly opening attachments.” Very sensible!
The concept of ‘proactive security’ is said to be an ‘ideal model’, Geenens though further suggests, “We are not operating in ideal times, however, so anything that can help overstretched key workers in these challenging times is a positive thing.”
Be careful out there
As they used to say at the beginning of every single episode of ‘Hill Street Blues’ – ‘Be careful out there!’.