The Thanksgiving holiday reminds us that as a nation we are incredibly thankful to critical infrastructure professionals, government and military personnel, and security staff who work so hard to help keep facilities and services safely running each day, even over holidays and weekends. However, with cyberthreats insidiously growing in sophistication and the increasing industrialization of the cybercrime marketplace, per a new 2023 Sophos Threat Report, as a nation we need to recognize these problems must be addressed at a high level because they impact all of our well-being and must be a priority to everyone – not just cybersecurity and critical infrastructure staff.
Cybercriminals often increase activity during holidays, as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns, and recent research from Cybereason found that holiday and weekend ransomware attacks resulted in greater revenue losses and lengthier recovery times for victim organizations.
Healthcare, government, and education continue to be at risk and a new FBI advisory warned that Hive ransomware has stolen $100 million since June 2021 from a wide range of industries and critical infrastructure sectors such as government facilities, communications, and information technology. Hive has frequently attacked Healthcare and Public Health (HPH) entities. A recent Microsoft report found that nation-state attacks targeting critical infrastructure doubled from 20% to 40% and they observed an increase in password attacks.
Healthcare ransomware and data breaches pose a variety of dangers, encompassing both physical and financial threats. Hackers target pediatric health records in order to carry out fake loan applications, which can unfortunately damage young patients’ credit that’s undetected until the victims are adults. Adults’ health records are often stolen to be used for insurance or prescription fraud.
In the education sector, budget constraints inhibit data privacy and data protection controls. Nearly a fifth of K-12 schools spend less than 1% of their IT budget on cybersecurity. Cyber attackers recently targeted students at national educational institutions in the U.S. with a sophisticated phishing campaign that impersonated Instagram.
Cybersecurity efforts can feel like trying to hit a moving target and leadership-led risk management is essential to prioritizing limited resources without burning out security staff. A new study found that nearly every application has at least one vulnerability or misconfiguration that affects security. Misconfigured storage is a common problem even with big names like Amazon and Microsoft, and it’s not uncommon for developers to deploy a “shadow” server with “shadow” data for test environments that the IT department doesn’t know about. Multifactor authentication is hailed as a way to reduce phishing mistakes, but unfortunately increasing theft of browser cookies undermines that security.
The need to accurately inventory assets to create a current-risk profile is an important step to protect both critical infrastructure systems and data within organizations and government. A new Government Accountability Office (GAO) report had recommendations for the DoD to improve its incident-sharing processes. One thing the GAO found was that reported data breaches involving personally identifiable information (PII) “have increased by 104% from calendar years 2015 through 2021.” The report also stated that the department has “not consistently documented risk assessments or notifications of affected individuals.”
Understanding where sensitive data risks exist in data estates is a problem for many organizations due to remote work and data sprawl across cloud and hybrid environments. Increasing regulation around Data Subject Access Requests (DSARs) is coming soon in some states, similar to GDPR, and many organizations are not prepared to manage the compliance costs of new regulation.
We recently wrote an article on data and critical infrastructure risk management to rethink how these challenges are addressed and the potential of automation to assist: How a human-first approach helps protect against cybersecurity vulnerabilities
Cyber and data threats are not the responsibility of cybersecurity staff alone, and as a nation we must step up to these challenges. Not only are there financially motivated cybercriminals to contend with, but other nation-states’ goals may interfere with our freedom and national security. China’s cyber capabilities pose some existential threats that cannot be ignored. China is committed to its own long-term global supremacy plans and doesn’t hesitate to break the rules from a trade perspective, from a data privacy standpoint (for example the TikTok controversy), or by developing potentially unethical or harmful artificial intelligence.
In particular, a white paper posted on LinkedIn authored by Dr. Pablo Breuer and his colleagues, “Why the United States Must Win the Artificial Intelligence (AI) Race,” outlines key concerns around China’s quest for dominance. The paper says:
“Presently, the bias of the algorithm creator or environment ultimately encroaches into the AI, knowingly or unknowingly … some tasks should never be assigned to AI, and many believe that researchers should not only ask, ‘can we?’ but also, ‘should we?’
Autocratic governments are less answerable to these questions than pluralistic, democratic societies must be, and care less about unfavorable outcomes for their people derived from AI solutions … Both politically and technologically, their aim is not to be broadly representative of the people they govern; it is to homogenize … In a closed society, the regime does not receive critical feedback and insularly defines its own ethics and accountability … To remain a shining beacon of ethics and humanity, the U.S. must continue to champion humans-in-the-loop and systems free of ignorance and bigotry while preserving and embodying the liberties and values of a free society.”
We recently published a Halloween-themed article that highlighted the risks of legacy systems and data, as well as the concerns around biased and autonomous artificial intelligence: The skeletons and Frankensteins of cybersecurity and how risk assessment can help
In the article we distinguish between helpful, transparent AI/ML solutions that automate tedious tasks with a human-in-the-loop versus “Black Box” AI that is relied on to make high-stakes decisions without a clear understanding of how it executes its programming and arrives at decisions. The issue, as stated in the white paper above, is that when creating something new, ethical questions should be asked and assumptions questioned regarding internal bias, safety controls, and its potential use cases and impact on greater global well-being. We also need to realistically risk assess the likelihood that less ethical players will use that same innovation for their own goals.
Despite the considerable cybersecurity challenges from threat actors, human mistakes, system vulnerabilities, and unregulated AI, the sophistication of cyberthreats is also creating an impetus to reevaluate and change national priorities, organizational cultures, and systems for the better. There is often a silver lining to problems and an opportunity to invite fresh viewpoints, break down organizational and national silos, encourage responsible regulation, and build ethical guardrails into innovation.
Thanksgiving is a time of reflection and thankfulness, and it can be a good time to start a daily or weekly gratitude practice to notice what is working well and appreciate hard-working staff so that problems don’t appear disproportionately overwhelming. Effective risk management is about being proactive rather than reactive so that workplace stress is reduced.
Collaboration and authentic two-way feedback between leadership and employees can improve working relationships and engagement, and also more quickly identify what solutions and communication methods are successful. Government leadership has emphasized the need for a “whole-of-nation” approach.
One area that many organizations don’t focus on enough is data discovery and classification, which is a necessary precursor to successful Zero Trust microsegmentation projects as identified by a Forrester report.
In particular, recent research found that “67% of respondents say they lack confidence that their existing data protection methods are sufficient to cope with malware or ransomware threats. Only 12% have fully deployed Zero Trust, and one primary reason data protection strategies are failing is the lack of visibility of where the data resides and what it is.” FedScoop recently interviewed U.S. government security leaders and one CISO also emphasized the importance of investing in security automation early.
Current-state risk assessments must include an understanding of the organization’s assets including data, people, and technology. Due to the sophistication and evolving nature of cybersecurity, we’ve outlined in previous articles how important it is to question past assumptions, use automation to maintain an ongoing inventory of assets, and also establish consistent methods of risk management:
- Protecting critical infrastructure with CISA and NIST cybersecurity guides, “Gordian Knot” assessment, and automation
- The root causes of cybersecurity risk and how automation can help
- Building a cybersecurity foundation with critical thinking, storytelling, and asset inventory
- Three ways to reduce cybersecurity risk: bias education, collaboration, and intelligent automation
With data growing exponentially and a staffing shortage crisis, it is necessary to embrace intelligent automation with humans-in-the-loop to become more efficient for tedious, manual tasks. AI/ML data discovery and classification solutions allow you automate the continuous inventory of data estates with risk filters so that data risks are identified and policies can be properly implemented.
Anacomp’s data discovery and intelligent document processing solutions provide user-friendly data asset visibility and automate multiple data inventory, risk assessment, digital transformation, and processing functions for cybersecurity, risk management, compliance, cloud and data migrations, and analytics projects.
Data Discovery and Distillation (D3) provides a single pane view of both structured and unstructured data stores for over 950 file types with visualization of all file properties and customizable metadata. Risk filters, workflows, data tagging, and federated search help to clean data up and then keep it that way with ongoing, automated monitoring.
You can also quickly and easily perform DSAR, intellectual property, or other sensitive data requests using advanced queries. D3 is unique in that it provides actionable visibility for a broad array of data types with data visualization down to the content-level, not just file attributes.
High-Speed Intelligent Document Processing uses technologies like Artificial Intelligence, Machine Learning, and Natural Language Processing to process and ingest many types of data including handwriting and poor quality documents, as well as images, enabling you to incorporate more data into your projects.
These solutions can be combined and customized to validate and improve data quality for security, compliance, and analytics projects.
You can test out data discovery on your own data with a free 1 TB Test Drive of Anacomp’s D3 AI/ML Data Discovery Solution.
This article is an updated version of a story that appeared in Anacomp’s weekly Cybersecurity & Zero Trust Newsletter. Subscribe today to stay on top of all the latest industry news including cyberthreats and breaches, security stories and statistics, data privacy and compliance regulation, Zero Trust best practices, and insights from cyber expert and Anacomp Advisory Board member Chuck Brooks.
Anacomp has proudly served the U.S. government, military, and Fortune 500 companies with data visibility, digital transformation, and OCR intelligent document processing projects for over 50 years.