Human error has been the source of most breaches since I can remember. What can be done about it?
FTA
The threat intelligence player drew on multiple data sources, including dark web analysis, pen-testing data, incident response cases and threat intelligence to compile the 2021 IBM Security X-Force Cloud Threat Landscape Report.
It revealed that attackers are actively looking to exploit weaknesses in enterprise protection, many of which come about due to human error.
To this end, over half of breaches came about as a result of shadow IT, when systems were spun up without being subject to corporate security policy — and therefore lacked vulnerability and risk assessments and hardened security protocols.
Additionally, two-thirds of the incidents studied involved improperly configured APIs.
----
https://www.infosecurity-magazine.com/news/misconfigured-apis-cloud-breaches/
Today in health IT, misconfigured APIs account for two-thirds of cloud breaches, and we're going to talk about that today. My name is Bill Russell. I'm a former CIO for a 16-hospital system and creator of This Week in Health IT, a channel dedicated to keeping health IT staff current and engaged.

On October 7th, we have a phenomenal webinar coming up. It's at 11:00 AM Eastern time. Would love for you to sign up and be there with us. It is, if you want to register, thisweekhealth.com/register. Pretty easy to remember. It's about coming through a ransomware event, and we talk about best practices and lessons learned. We have the CIO from Sky Lakes Medical Center there, and they went through a ransomware event. He's going to share a lot of their experiences. We have Lee Milligan with Asante Health System. Asante Health System is the Community Connect host for Sky Lakes Medical Center, so we're going to see it from that perspective as well. As well as, we're going to talk to a CSO who was a part of it, and also Matt Sickles, who is with Sirius Healthcare, who is a cybersecurity first responder. I love it. We give you the opportunity to put a question in there when you register. We've already gotten some really great questions, and I'm going to forward those over to our guests ahead of time to make sure we cover as much of the content that you want to hear from this group of people. So look forward to that.

All right. Here's today's story. As I said earlier, misconfigured APIs account for two-thirds of cloud breaches. This is from Infosecurity Magazine, and it's from a study. So let me give you some of the excerpts.

Shadow IT and misconfigured APIs accounted for a vast majority of security incidents in the cloud last year, according to a new report from IBM Security X-Force. The threat intelligence player drew on multiple data sources, including dark web analysis, pen-testing data, incident response cases and threat intelligence to compile the 2021 IBM Security X-Force Cloud Threat Landscape Report. It revealed that attackers are actively looking to exploit weaknesses in enterprise protection, many of which come about due to human error.

And it seems the more things change, the more they stay the same. That was the number one reason for breaches back in 2010, for that matter. So that hasn't changed much.

To this end, over half of breaches came about as a result of shadow IT, when systems were spun up without being subject to corporate security policy and therefore lacked vulnerability and risk assessments and hardened security protocols.

Another problem that doesn't seem to go away. We're going to talk about it in the "so what."

Additionally, two-thirds of the incidents studied involved improperly configured APIs. "APIs lacking authentication controls can allow anyone, including threat actors, access to potentially sensitive information," said senior cyber threat intelligence analyst Charles DeBeck. "On the other side, APIs being granted access to too much data can also result in inadvertent disclosures."

The overall result of the security issues has been to enable cryptojacking and ransomware, the top two malware types, which accounted for over half of cloud compromises. IBM also noted a thriving dark web market for public cloud access, dominated by ads offering Remote Desktop Protocol (RDP) access to cloud resources. The report claimed that threat actors often jump from on-premise to cloud environments. This type of lateral movement accounted for a quarter of incidents X-Force responded to last year.

Many businesses don't have the same level of confidence and expertise when configuring security controls in cloud computing environments compared to on-premise, which leads to a fragmented and more complex security environment that is tough to manage. DeBeck argued organizations need to manage their distributed infrastructure as one single environment to eliminate complexity and achieve better network visibility, from cloud to edge and back again.

All right. So that's enough from that story. What's my "so what"? It used to be funny when a department fired up a cloud solution and started to, quote unquote, innovate better than IT. Now it's not so funny. I see this as a problem in several directions that we really need to overcome as IT leaders.

Number one, we should know when data is moving in and out of our network in irregular ways, or at least ways that it wasn't moving before. This would tell us that a cloud solution has been fired up, where it is, and who's using it. Sometimes people get worked up when they realize that IT has Big Brother authority over the network. So let me just put your mind at ease. They do, and it's their job. Don't do anything on the corporate network that your mom would not be proud of. It's just the rule of thumb.

Number two, we should be partners who find solutions, so that departments aren't looking to go around IT. This has always been the case, and good IT leaders figure out how to breed this culture, that IT is trusted as an innovation partner. We've been battling this for decades, and it's a good battle. They push and we pull, but hopefully the inertia is towards progress. That is the reputation health IT leaders need to cultivate.

The next thing is, somebody gave me this advice a while back, and I haven't tried it myself, but I think it's good advice. Try buying some of your stuff off the dark web and see if it's accurate. It's not the worst idea I've heard. I've never done it. I'm curious: if you have done it, shoot me a note. Let me know how that goes.

I did talk to one CIO who had done it, and they found multiple physician credentials that were available on the dark web. You can actually acquire it and then validate it. I think it would be interesting to look at.

Number four, know the points of egress from your network. This is a follow-on to the first one. APIs are powerful tools for automation and innovation. No doubt about that. But in the wrong hands, they create a nice funnel of valuable information to whoever does the work to find the holes.

I also want to come back to this and really close out with this: human error has been the cause of a majority of breaches over the years, and it really hasn't changed for decades. The way we overcome human error is to put process in place to verify the work. Not because you don't trust people, but because the consequence is too great. Doctors use checklists all the time, and it reduces errors. It has been proven to reduce errors. We should use process to reduce human error as much as possible.

All right. That's all for today. We can talk about this for hours, but that's all for today. If you know someone that might benefit from our channel, please forward them a note. They can subscribe on our website, thisweekhealth.com, or wherever you listen to podcasts: Apple, Google, Overcast, Spotify, Stitcher. You get the picture. We are everywhere. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders: VMware, Hill-Rom, Starbridge Advisors, McAfee and Aruba Networks. Thanks for listening. That's all for now.