Kypher Web Series Ep.4
How to Protect your Practice Against Targeted Threats
Hi there, and welcome to the fourth episode in our web series, How to Protect Your Practice Against Targeted Threats. In this episode we will cover what a targeted threat is and give you a recent real-world example of how damaging it can be.
A targeted threat attack is one that seeks to breach the security measures of a targeted individual or organization. Usually the initial attack, conducted to gain access to a computer or network, is followed by a further exploit designed to cause harm or, more frequently, steal data.
Social engineering is the set of techniques for manipulating a user's psychology by exploiting trust. It often exploits a user's poor understanding of technology, as users are unable to recognize and fail to understand the attack patterns used in targeted attacks. Social engineering is one of the predominant components of targeted attacks because it helps to initiate the attack.
Phishing emails can also be a part of a targeted attack. We discussed this earlier in episode 3.
Vulnerabilities in web sites and software components, both known and unknown, can be exploited as part of an attack. The most virulent exploits are based on zero-day vulnerabilities for which details are not publicly available. They are often a component of effective targeted attacks.
In an example of a CFO being the target of a threat, an attacker emailed the finance email group and got a response that showed that the CFO was out for two weeks on vacation. The attacker did more research on him and found out who his backup at the office was. She was new to the position. The attacker sent her a direct email from his address and asked her to transfer some money from some corporate accounts to the attacker's accounts. She was told to keep all of this confidential, and she followed the directions to a T. Money was transferred, and no one but the attacker and the victim were aware it was even happening. It wasn't until a spelling error was discovered in the emails that the attack was uncovered.
How to avoid targeted threats
Perform the required security risk assessment. This is a vital first step in understanding the threats facing your practice.
Set strict policies for any financial or patient data requests or transfers.
When in doubt, ask someone else to verify. Having a strong checks-and-balances approach will go a long way toward preventing these threats.
To reduce the impact of social engineering attacks, ensure that end users do not have administrative access; and when IT administrator access is required for system administration, perform these functions on isolated systems that are not used for email or Web browsing.
Implement security information and event management (SIEM) capabilities. The monitoring and analysis of the output of security controls is as important as the operation of the security controls themselves.
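As an added illustration (not part of the original episode or any Kypher product), here is a sketch of the kind of mail check a monitoring pipeline could run for the traits in the CFO story above: a message in an executive's name that asks for a transfer and asks for secrecy. The addresses, keyword lists, indicator names and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values: replace with your own executive mailboxes and wording.
EXEC_ADDRESSES = {"cfo@practice.example"}
PAYMENT = re.compile(r"\b(wire|transfer|payment|routing number)\b", re.I)
SECRECY = re.compile(r"\b(confidential|between us|do not (tell|share|discuss))\b", re.I)
AUTH_BAD = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail|none)\b")

def bec_indicators(raw):
    """Return the indicators found in one single-part RFC 5322 message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    # Only trust Authentication-Results when your own mail gateway adds it.
    auth = msg.get("Authentication-Results", "").lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = msg.get("Subject", "") + "\n" + body
    hits = []
    if from_addr in EXEC_ADDRESSES:
        hits.append("executive_sender")
    if reply_to and reply_to != from_addr:
        hits.append("reply_to_mismatch")
    if AUTH_BAD.search(auth):
        hits.append("auth_not_passed")
    if PAYMENT.search(text):
        hits.append("payment_request")
    if SECRECY.search(text):
        hits.append("secrecy_request")
    return hits

def hold_for_verification(raw):
    """Payment request plus any other warning sign: a second person must verify.
    Secrecy counts alone because a compromised mailbox passes header checks."""
    hits = set(bec_indicators(raw))
    return "payment_request" in hits and bool(
        hits & {"secrecy_request", "reply_to_mismatch", "auth_not_passed"})

# Constructed sample messages (not real mail).
SPOOFED = """From: "Pat Doe" <cfo@practice.example>
Reply-To: cfo.practice@mailbox.example
Subject: Urgent transfer
Authentication-Results: mx.practice.example; spf=fail; dmarc=fail

Please wire $48,000 from the operating account today. Keep this confidential.
"""
ROUTINE = """From: "Pat Doe" <cfo@practice.example>
Subject: Q2 report
Authentication-Results: mx.practice.example; spf=pass; dkim=pass; dmarc=pass

The quarterly report is attached for review.
"""
```

A hit does not prove fraud; it routes the request to the second-person verification step described in the list above.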
Targeted threats are real. The attackers will do background research on you and your organization. It makes no difference if your practice is big or small. Everyone is a target. Pay attention to every email. If a request seems unorthodox, make sure to scrutinize it. Educate yourself and your employees. As always when I wrap up these episodes: knowledge is your best weapon against would-be attackers.
Thanks again for joining us, and please check out our site, www.kypher.com, for the latest news updates and information. We have an exciting summer coming with many new announcements. Stay tuned.