
In my career in the FBI I chased God knows how many spies around the DC area. We caught quite a few, many that I can’t talk about because it’s still classified. And at the very end of my career I was asked to join an undercover investigation that had been put together in less than a month to catch the most damaging spy in U.S. history: an FBI agent, a veteran FBI agent named Robert Philip Hanssen.

Now, Robert Hanssen had been an FBI agent for almost 25 years. In fact, when we learned about him he was about to retire in April. At the very end of his career a foreign source gave us information that pointed to Hanssen. We built a brand new division in FBI headquarters, which had never been done before, so purely to trap the spy, put him in charge of what was called the Information Assurance Section. Now this is 2000 and 2001. We got to go back in time here, and information assurance back in 2000, 2001 is what we now call cyber security. So we took the most damaging spy in U.S. history and put him in charge of building cyber security for the FBI, purely to, one, cause him to not retire and come back and take a job that he felt was truly within his bailiwick, but also to put him in the position to have access to information that he could steal and then hopefully put in a drop site to the Russians in order to continue his espionage career. We had to catch him red-handed because we only had circumstantial evidence.

This is sort of a long way to explain how I learned everything that became the precepts, the foreknowledge, for all my theories in cyber security and how I’ve taken counter and used it to augment cyber security. And on the first day, on the first day of my investigation in this new division in the FBI, where I was placed in order to identify whether he was the spy we were after and then find a way to catch him, he told me words that I’ve never forgotten, in fact words that, a law, what he called Hanssen’s law, that have become the beginning of everything that I have developed as a thought
leader in cyber security. He looked me in the eye and he said, “Eric, the spy is always in the worst possible place.” My little mind was working, and I was thinking: here we are in the middle of cyber security for the FBI, and that probably is the worst possible place, so is he trying to tell me that he’s the spy? Is he challenging me? Is he just trying to throw me off? I didn’t know at that time, but I kept a poker face. I looked right back at him and I said, “What do you mean by that? I don’t remember learning that at the FBI Academy in Quantico.” He shook his head and he said, “You know, they don’t teach it there. They should. If they did, we’d be better at what we do. But here’s what you need to know: this law, what I call Hanssen’s law. The spy is always in the worst possible place, and if you want to be a talented counterintelligence agent this is all you need to know.” He said the spy is that person that has access to that information and the knowledge and wherewithal to get that information into the hands of those who will use it to do the most damage and pay that person the most money, and that is who we are hunting.

He was completely correct. The spy is always in the worst possible place, not only for the FBI, there he was, for the intelligence community it was Robert Hanssen, but in any organization that spy is in the worst possible place for you. They’re able to access information, they’re able to extract the information, and they’re able to get it into the hands of those who are going to do the most damage. I’ve taken that early learning that I learned from him, from the worst spy in U.S. history, and I’ve developed it into all my theories in cyber security, and today I developed it into the idea that there are no hackers, there are only spies. Then modern cyber attackers, the modern spies, the modern cyber criminals, are sophisticated, well-funded, numerous. It’s not just one person, and they are targeting a single individual using traditional spy methods to fool that person into doing something that they
otherwise would not do, which is why spear phishing, for example, is still the most prevalent cyber attack: getting someone to click a link or open an attachment that they should know they shouldn’t do, but they do, through an email, and that is how the majority of cyber attacks still happen. And so when I say there are no hackers, there are only spies, what I’m saying is that hacking is nothing more than the necessary evolution of espionage, and so we have to hunt threats before they hunt us, because the spies are coming after that data that is now the currency of our lives.

So the old method of sharing and transmitting and collaborating was on paper, right? We used to have memos, and we used to type up things, and we used to have files and file cabinets, and this is quite some time ago. But we’ve computerized. Everything is data now. Everything is collaborated on within computer systems. We’re highly networked. In the last year and a half of the pandemic most of our collaboration has been done over computer systems with incredible bandwidth that allows us to communicate around the world at the speed of thought. And so Hanssen’s old law, the spy is in the worst possible place, had to be updated. And so what I did is I took that old law and, over years of thinking and in writing my book Gray Day, I updated it into what I call O’Neill’s law, sort of as a nod to my former boss. And O’Neill’s law is this: hacking is a necessary evolution of espionage. There are no hackers, there are only spies. We must hunt the threat before the threat hunts us, because the spy is always in the worst possible place. And if you apply that law to the discipline of cyber security, then you’ll be able to catch those spies and elevate your thinking to going after attackers who are cyber attackers, cyber spies, cyber terrorists, but aren’t hackers. The hackers were all the people in the 80s, people like me, who were interested in cyber security and how to breach cyber security as a way of making it
stronger, and they’re all working for cyber security companies right now. The cyber attackers right now are spies and criminals who are acting just like the spies of old.

Well, healthcare data has, it truly has, many of the same or similar personally identifiable information, what we call PII, sort of the holy grail of what we want to protect, that financial and many other verticals hold. If you think of what you’re providing to your health care provider, including insurance information, you’re giving your name, often your email address, your phone number. When you are going to a medical appointment, sometimes you have to provide a copy of your driver’s license. So some insurance still uses your Social Security number and birth date to authenticate that you have that insurance.

If you look at the dark web, so we’ll get to the dark web, but the dark web is an online database of information that you can’t get to unless you absolutely know exactly where to go and you’re using a particular web browser in order to hunt there. And there are criminals, there are law enforcement, there are all sorts of people there, but you can buy and sell virtually anything. It’s sort of the new pirate island, the criminal marketplace. Medical records there sell for anywhere from one dollar, if it’s not a particularly useful one, to a thousand dollars on the dark web. In fact, medical records are second only to passports in value on the dark web. So medical records are something that buy and sell very well on this evil marketplace, and so stealing them and selling them online on the dark web can be very lucrative. So this information can lead to everything from identity theft or further information about a person to launch another breach. You can learn all sorts of things about, and information about, a person, their Social Security number, their birth date, and then you can target that person in order to attack that person or attack that person’s company. And cyber criminals also steal the
sensitive information and then they extort companies for money. So if you’re a health care provider, that information could be stolen from you, and then the attacker comes back and says, “We’ve got this big database of your information, and if you don’t pay us this money we’re going to release it online, and it’s going to cause massive reputational damage.”

In 2014, during the Sochi Winter Olympics, the Russians were embarrassed after a state-sponsored subversion of the drug testing process was discovered. There was this report, and then for the next Olympics, the 2018 Olympics, Russia couldn’t fly their flag. Their Olympic athletes had to independently compete. In October 2018 the U.S. Department of Justice charged Russian GRU, that’s the military arm of Russia’s spy agency, a number of, seven, GRU officers with cyber attacks against anti-doping organizations, and seven, as I said, cyber spies were indicted. So what they did is they stole medical records of prominent athletes, international athletes, altered them to falsely show that the athletes had tested positive for illegal substances, and then fed those same reports, those medical records, through their fake social media accounts to credible social media sources, which got to mainstream media, in order to discredit international athletes. Kind of, they were angry that they had been found out, so they were trying to make it look like, well, everyone’s doing this. Sort of like a sour grapes analysis. So it’s not just that the healthcare data is at risk. It can be used by spies to spread disinformation, and this was a major issue that happened in 2018.

And it’s not just disinformation. Healthcare data can be at risk, right? So researchers in Israel just recently announced, last week, just last year, that they created a computer virus capable of adding tumors into CT and MRI scans. So they designed this malware. Now this was purely, you know, in looking at what could happen, to build better security, but the
malware was designed to fool doctors into misdiagnosing high profile patients, and if the security companies can do that, well, the bad guys certainly can as well. And also during COVID, hacking patients’ medical devices became very common. So it’s a vector of cyber attack during the pandemic, because more patients are using remote care, so they’re not in the hospital where they’re a little better protected.

And the healthcare industry, by the way, it’s not just that they’re under attack. They’re being used to launch cyber attacks against everybody else. So you might have heard that spear phishing is the number one way that we’re getting hit by these major cyber attacks, and the problem is it works. And spear phishing is where you receive an email, the email looks like it’s from someone you trust, but it’s really not, it’s from an attacker, and you click on that link in the email or you click on the attachment, and that loads the malware into your system, and now the attacker has a way in. Well, COVID-19 phishing exploded in 2020 and 2021, and many of the scams seem to come from organizations such as the WHO, the World Health Organization, and the CDC, the Centers for Disease Control. So what we were seeing were an email from WHO, everything from very early in 2020, you know, from the CDC, “click here and register to get in line for your vaccine,” or for your antibody test. If you remember, back then everybody wanted an antibody test, before we knew really what they were useful for, and you had to get in line and you would click here. Or there would come from the CDC or the WHO saying, you know, “click here and register to get on a list to be one of the first to receive the vaccine for COVID-19 when it comes out.” And people were doing it because they were afraid. It’s heightened fear, and pressure meant that they were less likely to question the viability or the verifiability of this email that they were given, and they were clicking. People
do things that they wouldn’t ordinarily do out of fear. And, you know, already overburdened healthcare IT and cyber security teams have been tasked to keep up with all these new threats, and when spear phishing explodes it puts more pressure on IT, which means that if IT and cyber security are pressured, it makes it harder to stop the threats and stop these cyber attacks. So healthcare data is incredibly valuable, but the healthcare industry, especially during a medical pandemic, can be used to launch all sorts of other cyber attacks. And criminals are clever, and spies are even more clever, and the criminals are learning from them, and so the healthcare industry has been a major vector not only of attack but using to attack others.

One in four people click on that link or open that attachment that they know they shouldn’t. So in a room, you know, a room of four people, one person is going to click on that spear phishing link, and it doesn’t matter the training they get, it doesn’t matter how careful they are. Some of these attacks are incredibly clever. So they’re going to send you a spear phishing email that targets you, that has researched everything that you’ve put on social media, that knows about you, that knows something you’re interested in or something you’re worried about, that’s going to give you either that pressure or that heightened interest that makes you want to click through, because you see the email, you see it comes from a trusted source, or you believe it’s a trusted source, or it’s something you’re very interested in or worried about, and so there’s more pressure to click. Of course the right thing to do is always just to delete the email and go directly to the source, right, using your web browser and typing it in, not actually clicking those links or opening the attachments. I never do that in emails unless I’m 100 percent sure that it came from the person that I know it came from. But especially in a pandemic, when we’re in a pressure situation, you could be encouraged. So if
one in four people are clicking on these things, then it makes it much harder to stop, but particularly when spies are getting into the mix and they’re sending targeted approaches that can fool anybody.

In 2019 the healthcare sector was being attacked, and remember this is pre-pandemic, second only to government in cyber attacks. So, the government, right, because this is what spies are traditionally always attacking. The healthcare sector was second only to the traditional vector of attack for cyber spies. In 2018, if we go back one more year, right, once again pre-pandemic, there were 15 million patient records compromised in 503 breaches. By May of 2019 there was one breach where 25 million records were stolen. So that’s 10 million more in one breach, when it took 503 breaches just to get to 15 million in 2018. Now, in 2020, 2021, during the pandemic, the healthcare sector was predicted to fall victim to two to three times more cyber attacks than any other vector, which means they beat the government. They’re the number one vector of cyber attacks for spies and criminals. And here’s a sobering statistic: more than 93 percent of healthcare organizations have experienced a data breach over the past three years, and 57 percent have had more than five data breaches during the same time frame. So that’s pretty significant. If you look at all the verticals out there, finance, healthcare, government, industry, healthcare beats them all.

So by all studies and records the healthcare industry has been decimated by cyber attacks in 2020 and 2021, and it makes complete sense. Healthcare is in the middle of a pressure situation. Now, I always say never examine your cybersecurity in the middle of a pressure situation. It’s the worst time to be examining security in general, whether you’re going to look at locks or doors, whether you’re going to look at cyber attacks, whether you’re going to look at cyber security. You always want to examine your cyber security, figure out how you’re going to protect that data that
is the currency of your life, before you’re in the middle of this attack, before you’re in the middle of a pressure situation. Because when you’re in the middle of the attack you’re spinning, you’re trying to figure out everything from how do we communicate with each other. If you’re locked by, for example, ransomware, you can’t use your typical networks in order to communicate, so how are you going to even figure out how to get out of the attack? And during the pressure situation you’re also working on so many other things that it’s hard to have the bandwidth to determine how to get out of the cyber attack. So it’s always better to examine the pressure situation before. But it’s too late now. We’re in the middle of one of the worst pressure situations we’ve been in since the terrorist attacks in the United States in September 11, 2001. This pandemic has caused enormous change across every single aspect of our lives. We’re living differently than we ever have before.

And during this pandemic, this crisis, the bad guys are using it. They’re not going to let a crisis go to waste. The worst people on earth never let a crisis go to waste, and of course cyber attackers and criminals are some of the worst people on earth, and so they’re launching attacks mercilessly, and they know that one of the most vulnerable verticals in the world is the health care industry. There are a couple reasons for that. Unfortunately it’s been well known for some time that health care is a little behind the curve in good cyber security. Health care also is in one of the biggest pressure situations, as they’re trying to provide for people who are dying of coronavirus and at the same time being hit by cyber attacks. And healthcare is particularly susceptible to ransomware attacks. So because you’re vulnerable and because you’re susceptible to extortion, attackers are mercilessly attacking the healthcare vectors right now more than any other, and ransomware is the main method that cyber criminals are launching attacks
on healthcare. So for the entire medical field, if cyber security isn’t at the top of your mind and you aren’t in the middle of a crisis right now, now is the time to deal with it. Not next week, not down the road. It’s this moment, is to get your cyber security bolstered, and is to be preparing yourself for the cyber attack that is eventually going to come.

None of us live on a digital island, we put it that way. You are only as safe as your neighbor on that island when you’re connected. So by connecting healthcare accounts, and I’m not saying that this is a bad thing, I think this is the way that we need to go, you become vulnerable if a vendor you use, or a collaborative different company that is connected to your data, your healthcare data, that you are connected to, is vulnerable. Earlier, in December 2020, a major company called SolarWinds was attacked. Now, SolarWinds provides a network managing tool for virtually everyone, including the major agencies of the U.S. government. SolarWinds was attacked by Russia, by Russian intelligence, and they attacked SolarWinds not to steal anything from SolarWinds but to inject malicious software into an update that went out to all of their customers. And their customers downloaded the update and then were infected by malware, and then the Russian intelligence unit could pick and choose from the compromised customers of SolarWinds, which included nine U.S. agencies, including Department of Homeland Security and Commerce, State, and others, that they could steal information with, and about 150 major businesses that were potentially compromised. That’s called a supply chain attack.

It’s not just the spies. Very recently, in the last few months, a company called Kaseya, who provides another important tool to MSPs, managed service providers, was attacked, once again not to attack Kaseya but to inject malicious software into an update that went out to all other customers. Now, MSPs provide all sorts of software solutions to other
customers, so you can see there was a domino effect. You attack the big company that provides an update to all their customers, who provide updates to all of their customers, and it’s exponential. The difference here was it wasn’t a foreign intelligence unit. It was cyber criminals who modeled the attack on SolarWinds, and another supply chain attack. Now, supply chain attacks work really well. I mean, Microsoft was hit by China using the same sort of supply chain attack to hit their Exchange server, and everybody who used Microsoft’s calendar was potentially at risk from Chinese intelligence. So yes, you can see vendor-based attacks, supply chain attacks, over against the healthcare industry, where you’re launching attacks against someone who has access in order to get at the company who has better cyber security, in order to steal that data, or big supply chain attacks against major health care companies who provide support to a number of other healthcare companies, in order to get at all the other healthcare companies. And it’s going to happen, if it hasn’t already. It probably has already. We haven’t learned about it.

So the lesson here for healthcare is that you are only as strong as your weakest link, and like I said, no one lives on a digital island. You need to ensure that everybody that connects to your data has strong levels of cyber security, and the solution there is, when you contract with a vendor, when you partner with someone who is going to have access to your data, examine their cyber security. Make sure that their cyber security is strong. And I think that the future here is the best-of-breed, multi-cloud, cloud-based cyber security, where everybody is using cloud-based cyber security with security built in, not bolted on, so that everything that’s accessed is constantly being scrubbed to make sure that the best cyber security is looking at the data and making sure that that data isn’t compromised.

You know, I was just looking through news reports earlier this week on
the medical industry to prepare for this interview, and there are many smaller health care centers or hospitals or clinics that have closed their doors because of cyber attacks. They can’t even deal with the reputational damage, or the cost of remediating the attack, that means finding out what happened, where it landed, and ways to stop it in the future, or the cost of protecting or dealing with lawsuits because of lost healthcare data, in order to even build better cyber security and stay open. And so a ransomware attack, for example, can be incredibly damaging if you’re a small healthcare provider that can’t afford the cost of surviving the cyber attack, much less finding out how to become better. So that’s why it’s better to invest ahead of the attack and prevent the attack from happening, because it can close the doors on small companies.

I think in the future cyber security has to move to where everybody is invested in cyber security, where we create sort of a collective consciousness of cloud-based cyber security, where if one entity is attacked over here, everybody else in this massive cyber ecosystem, cloud-based cybersecurity ecosystem, is now protected. You’re inoculated, because that one attack is quickly analyzed, you learn from it, and then everyone else is protected. That’s where we’re pushing. That’s where the best cyber security is pushing right now, and I think that that is going to be the future. Otherwise we’re just going to continue to be decimated by cyber attacks over and over, and we’re bleeding far too much resources, money, and time into dealing with cyber attacks that, especially during a pandemic, could be used elsewhere.

Of all internet crimes, you know, business email compromise, romance fraud, ransomware, everything, were four billion dollars in losses. So they calculate what the loss is for all of those different cyber attacks. So that’s everything, not just ransomware. But the number one, the actual number one internet
crime in 2020 was business email compromise. That’s where someone uses data about a person to steal their credentials, and then you use it, usually through a spear phishing attack, which is why it’s business email compromise, and then they use that information to use a very unique way of identity theft. What they do is they pretend they are that person into that person’s financial institution, withdraw money from their legitimate bank account, move it to an illegitimate bank account, a cryptocurrency account typically, and then steal the funds that way. That’s the number one.

Romance fraud, by the way, was way up there, where you start talking to someone online, particularly because we’re lonely during the pandemic. A lot of people are, especially during the time when we were all locked in our homes, and in some places in the world you couldn’t even leave your home, and people were talking to other people and getting a lot of their social outlet online. And of course the fraudsters were there, you know, creating relationships over chat and then finally saying, “I need some money, I’ve got COVID, I need some money because I can’t afford health care,” or “hey, can you send me some money and I’ll fly to see you.” And of course they never showed up, or they didn’t really need the money, and of course it’s wired somewhere where it can’t be tracked. And so there’s a lot of that happening as well.

Ransomware is probably number three. Ransomware’s really been around since 2003 or earlier. This is not a new thing. But ransomware was made famous in February 5 of 2016 in a healthcare attack. So, Hollywood Presbyterian Medical Center, when one morning the nurses and doctors came into the hospital and all of their systems were shut down, grinning skulls, and there was a ransomware notice saying you’ve been locked by ransomware, you’re now encrypted, you must pay 17,000 in bitcoin in order to get your systems back up. Now, they didn’t pay, and for weeks
the doctors and nurses were using pen and paper to provide medical care. You know, I like to think, my mom was a nurse, and I remember she used to come home and she would have things written on her arm, you know, like medical record, you know, little, like, this is the blood pressure or whatever, you know, just before she could get it on the chart. And I hate to think that in Hollywood Presbyterian, and in some other ransomware attacks and medical industries, poor nurses have like a whole sleeve of stuff written, because they can’t add things electronically, which is the way that it happens now. The doctors couldn’t look up medical records quickly. You can’t quickly share x-rays or other test results, and it meant that some of these acute care patients had to be moved out. Well, this happened in 2016. So like I said, this isn’t anything new for the medical field. And back then, by the way, 17,000 was only 40 bitcoin, I think. Like, a percentage of a bitcoin right now; one bitcoin would be 17,000.
But the hospital had to pay, and this was pretty expensive for the hospital right then. It was a novel case. The FBI was involved, and they still had to pay, because they didn’t have backup systems, they didn’t have good cyber security, they had no way of getting out of it. So they had to pay.

Now, just an idea of how the ransomware attack happens. The cyber attackers find a way in. Normally it is a spear phishing attack, where they identify somebody who has access within the network. They attack that person using an email that has a link or an attachment in it that fools the person into clicking or opening the attachment or going to a web form that they fill out, and gives them access, because once again this person receiving the email trusts it. Then the attacker has a way into the network. They start moving laterally within the network. They create more credentials. They’re usually looking for people who are systems administrators or in IT, so they can create more accounts. They start compromising accounts until they can get deep into the system, and then they bring it all down at once by encrypting all of the, here, the medical center or the hospital’s data at once. That data is now no longer accessible, the network’s not accessible, the computer systems aren’t accessible, and the attackers can manipulate the computer systems. And so when you sit down at your computer system, all you see is some sort of screen that the attackers have created. They’re bad guys, so they like skulls. There’s usually some stupid skull, and there’s messages. Sometimes they say things like, “We’ve encrypted using military grade encryption. Here is why you will not be able to crack this. You must pay.” More and more attackers are using things like a timer, and it says that if you do not pay by this time we’re going to delete all your information. Now today, because we got much better about backups and being able to restore from secure backups, attackers are extorting as
well. They’re saying not only have we encrypted your data, and you pay us and we give you the decryption key so you can unlock your data, they’re also saying if you don’t pay then we’re going to start releasing your data into the public bit by bit until you pay. That’s extortion. And so what’s happening is, if you’re not prepared, if you don’t have good cyber security, if you’re locked by ransomware, you’re paying. So this isn’t new. Started happening to healthcare in 2016 and it’s continued. The healthcare vertical has been very susceptible to ransomware, especially during the pandemic, and cyber attacks on the healthcare systems have spiked, and this threatens patient care and private data.

Here’s another example. On October 28, 2020, you know, just recently, the IT desk at the University of Vermont Medical Center starts receiving dozens of calls from staff, and they’re complaining about problems accessing their computer systems. And so the medical center, this is sort of a good use case scenario, right, they quickly did some analysis and they found malicious software, what we call malware, that were instructing staff to contact the cyber attackers. So what the medical center did is they shut everything down. So typically what this was is they’re seeing the email phishing, and they intercepted it before the attackers could shut down the medical center with ransomware. But here’s the problem: they shut down everything, email, internet, and the majority of the medical center’s network. They had to, because otherwise perhaps the attackers who were already in the network would have pulled the trigger and locked them down with ransomware. Unfortunately, for nearly a month the University of Vermont Medical Center couldn’t use electronic health records or their payroll programs, and for days the staff didn’t know which patients were scheduled for appointments. So surgeries had to be rescheduled, cancer patients had to go elsewhere for the radiation treatment,
all sorts of things like that. The attack cost them an estimated 50 million, and mostly from lost revenue because they couldn’t treat new patients. It took the IT staff three weeks working 24/7. Man, can you imagine the burden on the poor IT staff to scrub the network systems and restore thousands of affected computers?

And it turns out that if you just look broadly, 34 percent of healthcare organizations globally reported being hit by ransomware in 2020, and 65 percent of those that were hit by ransomware in the last year said that the cyber criminals succeeded in encrypting their data. That’s pretty significant. So it’s one thing to say I’ve been hit by ransomware, but hey, I had cyber security and I was able to at least alleviate some of the attack. 65 percent, that’s more than half, are saying that their data was encrypted, which means that they were successfully locked by ransomware, and that means that they either had to pay, they probably had to pay, or they had a good backup that they could restore from. And that assumes that the cyber criminals aren’t also extorting them, like I said, at the same time, saying if you don’t pay we’re going to start releasing your data. So it doesn’t matter if you’re going to restore from backup. If your data is already stolen as well, you’re in a lot of trouble.

To talk about ransomware we have to talk about the dark web. So the dark web, I like to describe, is sort of the pirate island of the internet. It’s where all the bad guys go to broker and sell and buy all of the malicious software and cyber attacks that are out there, including ransomware attacks. You know, you can buy anything on the dark web. You know, the healthcare industry might be interested to know that the dark web also has what’s called the body parts bazaar. This is a really macabre aspect of the dark web, so we might as well talk about it. It’s where you can buy body parts, everything from a liver to a kidney to eyeballs. Anything you want can be bought
and sold on the dark web, including cyber attackers for hire, who can be bought to launch cyber attacks against everything from schools to hospitals to businesses that are out there. And according to the World Economic Forum, the dark web has now become the third largest economy on earth. Third largest economy. So it still goes the U.S., China, they’re moving up, and still U.S., China, and then the dark web is the third largest economy on earth. And in the custom malware that’s being built and sold on the dark web, which means, you know, software engineers who decide they want to go into the criminal side, or they want to make some extra money on the side, are building custom, brand new, never-before-seen malware attacks that your typical cyber security isn’t even going to spot.

Um, you know, at VMware Carbon Black we did a study in 2020, and in 2020 ransomware was responsible for 14% of all successful cyber attacks, and that’s double 2019. That’s a pretty big statistic, because there are a huge number of cyber attacks out there, and a big piece of the pie is ransomware. Some more statistics: the largest ransomware demand now stands at 70 million dollars. That hasn’t been paid. The biggest, uh, the largest actual paid one is 40 million, and the average ransomware payment in the first half of 2021 was 570,000. In 2020 it was 300,000. Uh, and a new tactic of ransomware, as I said, is extortion. The FBI’s Internet Crime Complaint Center has received over 2,000 ransomware complaints. That’s a lot. That’s over 16.8 million in losses year to date, just in ransomware. That’s a 62% increase in reported incidents and a 20% increase in reported losses compared with 2020.

So ransomware is a big deal, especially in the healthcare sector. And as I said, the first big ransomware, huge attack that made the media and put ransomware on the page was launched against a hospital, a healthcare center here in the United States, and since then ransomware has been one of the most prolific and best utilized cyber
attacks out there, particularly against the medical health care sector.

This is, the pandemic truly changed everything about how we work and how we live. The only comparable I have is how our entire lives changed after the events that happened in September 11th 2021, when there was an attack against the World Trade Center, terrorist attack against the World Trade Center in the United States. The towers came down and the entire world changed. Terrorism became one of the biggest concerns, and how we traveled changed forever. It didn’t change for a month, it didn’t change for a year, it changed forever. We are still concerned about the same sort of terrorist attacks, and there a handful of terrorists boarded a plane with box cutters, took over the, uh, the captain’s cabin, and then flew planes into buildings. We still have to take off our shoes, uh, go through a variety of different metal detectors. Your loved ones can’t walk with you to the gate. We were able to do that before September 11th. And universally we are checked and poked and prodded before we ever board a plane. So travel has changed significantly. That’s the comparable to what’s happened during this pandemic.

I like to think of the pandemic as pandemic 1.0, 2.0 and 3.0. Pandemic 1.0 was the biggest change that we went through. One day we were all in offices. Now, the healthcare industry is a little different. If you work in a hospital, you’re sort of the front line, you’re critical providers, and so many in the healthcare industry obviously didn’t suddenly go home. But for a good part of the world, we’re in our office, and IT was happy, because you went into your office, you sat down at your computer, the computer was configured by IT, and, uh, every app on that computer, every program, was authenticated, was given the thumbs up by IT, and they knew exactly what in that ecosystem could get in and what couldn’t get in, and there were all sorts of protections in place. And then the next day, after the WHO
declared COVID-19 a pandemic, everyone was home, or the majority of the workforce was home, and IT was completely overburdened from one moment to the next, because we weren’t at home with those configured workstations. We were at home with whatever anyone had: their laptop at home, their kid’s laptop, you know, something they borrowed from their grandma, an old computer. Even if you were bringing your laptop from work that was configured home, you’re hooking it up to a router, your personal router, that might not be secure. People were working from places like coffee shops that had open internet, which is decidedly unsecure, because they didn’t have good internet at home or they didn’t have internet at home. People were working on their smart devices over cellular networks because they didn’t have internet. There was a grab bag of different systems, different places, different locations, and there was no way to go from an on-premises workforce to an immediate distributed workforce and build cyber security in an instant. So 1.0 was a disaster.

2.0, pandemic 2.0, is how we have learned over the last almost two years, a year, what, a year and eight months, to work in a distributed workforce in a now new cloud-based environment, which is how the world works now. We went from where everything was on prem, using servers, to now everything has to be done through the cloud in some way, shape or form, otherwise we can’t collaborate, we can’t share, because everything is data now, everything is networked. And how do we do that and build security into that? And during this time, during pandemic 2.0, there have been an unprecedented number of cyber attacks. So if you look at those IC3 statistics that I pointed you to: four times the number in the prior year before the pandemic, and growing year after year. And we’ve been suffering a massive bleed-off of resources and time because of these cyber attacks, an unprecedented number of them. Some of the biggest cyber attacks in history have happened in the last year. And
pandemic 3.0 is now, as we start to open and learn how to go back to work: how are we going to do this when the workforce doesn’t want to be in the office full time? Recent polls, I mean polls during the last, god, 18 months, have shown that people don’t want to be full time in the office anymore.

If we look at, uh, if we look at just some of the statistics over the last few years, a staggering 91% of all global respondents in the study that VMware Carbon Black did in our 2020 Global Threat Report, a staggering 91 percent of all global respondents, stated that they had seen an increase in overall cyber attacks as a result of employees working from home. Of course, because we’re working from home on unsecured devices, on all sorts of different devices that haven’t been configured or maintained by IT, or devices that have no cyber security at all. And destructive attacks, by the way, and these aren’t just attacks where it’s cyber attacks to steal data, but destructive attacks, where cyber attackers are destroying data or changing data, have increased 118% as cyberspace during this pandemic has become more hot.

You have to start by building a cyber security framework that relies on the number one technique in cyber security today: zero trust. And zero trust, if you want to break it down, is a geeky cyber security term that basically means that all users, human and machine, authenticate and are verified before they access that data, as, like I like to say, that is this currency of our lives, certainly the currency of lives in the healthcare industry, because that healthcare data, the ability to protect from ransomware attacks, that is the most important thing right now if you want to protect from cyber attacks. So zero trust means that you’re going to stop the phishing emails, you’re going to stop the attacks where attackers are just buying usernames and passwords off the dark web and then just trying them against your employees until they find one that hits, because nobody ever changes their
password. Zero trust is going to create a secure cloud environment, because in pandemic 3.0, as we learn how to go back to work, if you are going to have workers who are working from home and working on premises, you know, in your office, the only way to do that is by leveraging the cloud. Our data has to live in the cloud, otherwise we can’t collaborate, because people will be in all sorts of different places.

So zero trust means you’re gonna need five good things. The first is a secure cloud environment, right? You’re gonna leverage the cloud in order to have security built into the cloud, so that every time you’re accessing your data, security is constantly looking and scrubbing.

You need to have access management. You need to segment your network, which means that everybody in your company, every single person, every employee, shouldn’t have access to everything. Employees should only have access to those areas of your network, that data, that is critical to them, that’s important to them, that they have a need to know, if you want to use a spy term. If they don’t have a need to know it, if they’re not supposed to be working on it, they shouldn’t have access to it. That way, if that employee’s credentials are compromised by an attacker, they can only get into some of your data, not everything, and security can see that that account is trying to access something they shouldn’t and can immediately lock down that account and prevent it from accessing any data. And that way security can constantly be working behind the scenes to identify that there is a possible breach. As part of that, you have to remove inactive accounts. Inactive accounts can often be used by attackers, because they buy them on the dark web and then use them to attack you.

So secure cloud environment, access management, that’s one and two. Three is harden your systems. So harden your systems using multi-factor authentication, or just completely getting rid of the password entirely and using a single sign-on approach. You can’t rely on
passwords. You have to have something in addition to the password, because passwords are 100 percent useless in protecting against cyber attacks. Why? Most people use incredibly weak passwords. Passwords can be guessed, especially if sophisticated spies, or cyber criminals who are learning from spies, are researching employees using social media. It makes it pretty easy to guess a password. They can also use spear phishing to attack a person directly and get their password that way. People also use the same passwords for everything. They’ll come up with one strong password and they’ll use it for everything, from their business account at their employer’s, to their bank accounts, to the account for an app where they’re buying their favorite ice cream, and any one of those could get breached. Now it’s for sale on the dark web, and now the attacker has access to everything.

Single sign-on is great because you don’t even need a password. You have a username and then you use an authenticator app, which uses the best levels of encryption. So you need something else. So multi-factor authentication at least, where you enter your username, your password, and then you get a text on your phone, for example, where you have to enter a third unique code. That second factor for authentication is critical in protecting yourself.

And then finally, number five: watch out for Robert Hansen. Be a spy hunter. You have to also look for the trusted insider within your organization, who isn’t an external cyber attack but is a person, an employee inside, that’s gone rogue. There are lots of cases of this, but I looked hard for a really good one that’s in the medical industry, and I had to look back in my rogues’ gallery of spies and traitors and hackers and cyber attackers, back to 2011, for this great case about this guy named Jesse McGraw. Now, Jesse McGraw had, uh, an also-known-as, which is Ghost Exodus, the name of course he gave himself, leader
of the Electronic Tribulation Army. So Ghost Exodus, this guy named Jesse McGraw, was a cyber attacker. You know, he called himself a top cyber attacker, and he was actually caught by the FBI, because he wasn’t particularly brilliant at this, posting a YouTube video of himself installing malicious software in a hospital computer. And while he was doing this YouTube video of himself installing the malware directly into a hospital computer, he showed off a collection of infiltration gear that he had put together: lock picks, a cell phone jammer, fake FBI credentials. And he was able to install his malicious software on multiple computers, including a nurses’ station that had access to medical records, so to steal the medical records directly, and a back door into the HVAC unit, the climate control unit or the air conditioning unit, that could change the temperature, uh, in the storage facility for, uh, drugs. So what he could do technically, and he was showing all this off, is he could change the temperature for the climate-controlled drugs, that could change them or alter them, that could harm patients.

Now, he was caught and of course arrested, and it turned out that he was able to do all this because he was the night security guard at the Texas hospital that was compromised. And worse, what he was doing as a trusted insider was not just stealing from that hospital, or attacking that hospital to steal from the hospital, but using the hospital to launch cyber attacks against other organizations. So that hospital not only could have been compromised but embarrassed, because when those other organizations figured out how they were cyber attacked, it would lead back to the hospital. So you have to beware that trusted insider, not just the external cyber attacks but the ones that can come from within.

I think that the health care industry takes cyber security very seriously. I think that there have been enough massive cyber attacks against the healthcare
industry that you can’t but take it seriously. And in a recent study by Abbott, 91% of hospital administrators considered the security of data as a top focus in the last year. But, there’s always a but, right, 62% of these same administrators feel inadequately trained or unprepared to mitigate cyber risks that could impact their hospital. So what does that mean? That means the health care industry is taking it seriously, but they don’t think they’re ready to stop a cyber attack. Like I said earlier, healthcare is just behind the curve in cyber security and has to get better.

Late last year it was reported that hospitals hit by a data breach or ransomware can expect to see an increase in the death rate among heart patients, uh, because of cyber security remediation efforts. That came from a study by Vanderbilt University, where, by the way, my youngest brother is a new doctor. And that’s because when hospitals in particular are spending a lot of time and energy in remediating and stopping a cyber attack, it means that they’re not providing care, that their care is disrupted. This is something that attackers know. They know that this disruption will, particularly in ransomware, lead a hospital to pay faster, which is why ransomware attackers are targeting healthcare more than any other vertical right now, any other industry, because of that pressure to pay.

So I think that, to sum up that answer, health care is taking it very seriously, they have to, but health care is still behind the curve and has a lot of work to do to become better in cyber security. And it’s critical that healthcare does so, not today, not tomorrow, but yesterday. They have a lot of work to do.
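
The access-management step described in the talk (need-to-know segmentation, locking an account the moment it reaches outside its scope, and removing inactive accounts), as an added example that is not part of the talk. The roles, segment names, account names, log entries and the 90-day idle threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed need-to-know policy: segments each role is allowed to reach.
NEED_TO_KNOW = {
    "nurse": {"ehr"},
    "billing": {"payroll", "billing"},
    "facilities": {"hvac"},
}

# Constructed account directory: user -> (role, last successful login).
ACCOUNTS = {
    "asmith": ("nurse", datetime(2021, 10, 1, 8, 0)),
    "bjones": ("billing", datetime(2021, 10, 2, 9, 0)),
    "nightguard": ("facilities", datetime(2021, 10, 2, 23, 0)),
    "old_contractor": ("billing", datetime(2021, 3, 15, 10, 0)),
}

# Constructed access log: (timestamp, user, segment requested).
ACCESS_LOG = [
    (datetime(2021, 10, 2, 23, 5), "nightguard", "hvac"),
    (datetime(2021, 10, 2, 23, 9), "nightguard", "ehr"),
    (datetime(2021, 10, 2, 23, 12), "nightguard", "hvac"),
    (datetime(2021, 10, 3, 8, 1), "asmith", "ehr"),
    (datetime(2021, 10, 3, 8, 30), "old_contractor", "payroll"),
    (datetime(2021, 10, 3, 9, 0), "ghost", "ehr"),
]


def evaluate(log, accounts, policy, now, max_idle=timedelta(days=90)):
    """Replay the log; return (allowed events, {locked user: reason})."""
    locked, allowed = {}, []
    # Inactive accounts are disabled before any request is considered.
    for user, (_role, last_login) in accounts.items():
        if now - last_login > max_idle:
            locked[user] = "inactive"
    for ts, user, segment in sorted(log):
        if user in locked:
            continue  # a locked account reaches nothing, even its own segment
        if user not in accounts:
            locked[user] = "unknown account"
            continue
        role = accounts[user][0]
        if segment not in policy.get(role, set()):
            # First out-of-scope request locks the whole account.
            locked[user] = f"out-of-scope access to {segment}"
            continue
        allowed.append((ts, user, segment))
    return allowed, locked


if __name__ == "__main__":
    ok, locked = evaluate(ACCESS_LOG, ACCOUNTS, NEED_TO_KNOW,
                          now=datetime(2021, 10, 3, 12, 0))
    for user, reason in locked.items():
        print(f"LOCKED {user}: {reason}")
    print(f"{len(ok)} requests allowed")
```

Once the facilities account asks for health records it is locked, so its later request to its own HVAC segment is refused as well, which is the "prevent it from accessing any data" behaviour the talk describes.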

As found on YouTube
