Fortifying Small Businesses & Individuals: A Guide to Robust Cybersecurity Practices

Welcome to this week’s cybersecurity blog, where we dive deep into the escalating challenges small businesses face in the realm of digital security. Recent events, including the Brandywine Realty Trust's encounter with a devastating ransomware attack, serve as a stark reminder of the vulnerabilities that exist within even the most established entities. As one of the largest real estate trusts in the U.S., Brandywine's ordeal underscores a critical lesson: no organization is too big or too secure to fall victim to cyber threats. This breach not only disrupted their operations but also jeopardized sensitive data, highlighting the necessity for robust cybersecurity measures tailored to protect and sustain business continuity.

For small business owners and individuals, understanding and implementing effective cybersecurity strategies is not just a precaution—it's an imperative. The reality is that smaller enterprises and individuals often face higher risks due to limited resources and cybersecurity expertise, making them attractive targets for cybercriminals.

This week, we will explore actionable insights and practical solutions that can fortify your business against cyber threats. From essential cybersecurity training to the latest in protective applications, our goal is to equip you and your business with the tools and knowledge needed to navigate the complex landscape of cyber threats, ensuring your business's resilience and security in an increasingly digital world.

Michael Muckler

5/14/2025, 5 min read


Link to Article

In a recent cyberattack on Change Healthcare, owned by UnitedHealth Group, healthcare providers across the U.S. have faced severe financial distress, compelling some doctors to utilize personal savings to sustain operations. The breach, detected on February 21, has disrupted critical payment and revenue cycle management services, leading to significant payment delays for providers. For example, Dr. Angeli Maun Akey from Gainesville, Florida, experienced more than an 80% reduction in her practice's cash flow for six weeks due to the attack, which forced her to forego her salary, seek high-interest loans, and even request monetary advances from her patients.

The impact of the cyberattack has been widespread, affecting the ability of many healthcare providers to maintain standard operations and meet financial commitments. UnitedHealth has estimated the attack's cost at up to $1.6 billion for the year, with the company's stock down nearly 8% year-to-date. In response to the crisis, UnitedHealth launched a temporary funding assistance program to aid affected providers, although many, like Dr. Akey, have found the support insufficient. The company continues to work on restoring affected systems and improving payment processes, but the ongoing disruptions have left many healthcare providers struggling to manage their financial obligations and maintain patient care.

Link to Article

Employee data breaches have surged to a five-year high, with reports to the Information Commissioner's Office (ICO) increasing by 41% from 2022 to 2023, as found in a study by Nockolds. This rise in breaches, which reached 3,208 incidents this year, is coupled with a significant 57% increase in ransomware attacks targeting employee data, highlighting the vulnerability of employers who possess sensitive personal data. These breaches not only expose employers to potential legal risks, such as breach of contract claims and demands for ransom, but also heighten the need for effective cyber security measures within Human Resources (HR) as well as Information Technology (IT) departments. The escalation in cyber threats underscores the importance of regular employee training on cyber security protocols to mitigate risks and manage potential legal and reputational consequences effectively.

Link to Article

The burgeoning field of cybersecurity is witnessing an unprecedented demand for professionals as hacking incidents proliferate globally, leading to significant data breaches and soaring costs associated with these incidents. Kayne Whitney, a student at Madison College, is preparing to enter this high-demand career, which combats identity theft among other cybercrimes. The rapidly increasing threat landscape affects various sectors, including health systems, as recently seen in a ransomware attack on Ascension. This attack disrupted medical services and demonstrated the critical need for robust cybersecurity measures. The U.S. recorded a staggering 3,205 data breaches in 2023, a 72% increase from the previous record, emphasizing the escalating challenge of safeguarding sensitive information.

The severity and frequency of cyberattacks have transformed cybersecurity from a peripheral responsibility of IT departments into a distinct and crucial sector desperate for skilled personnel. Despite the promise of a median salary exceeding $120,000, there is a notable scarcity in the workforce, with predictions suggesting a need for hundreds of thousands more professionals globally. Educational institutions like Madison College are responding by expanding their cybersecurity programs to accommodate more students, indicating a shift toward recognizing cybersecurity as a critical and lucrative career path. This field not only offers high compensation but also requires a continual learning mindset due to the evolving nature of cyber threats and the technical sophistication needed to combat them.

Link to Article

A recent report highlights a significant surge in cybersecurity budget allocations among small and medium-sized businesses (SMBs), with 82% of SMB leaders increasing their cybersecurity investments year-over-year. This trend underscores a growing recognition of the heightened cybersecurity risks faced by SMBs, which often serve as entry points for criminals aiming to infiltrate larger organizations within the supply chain. The report, produced by LastPass and InnovateMR, surveyed U.S.-based SMB leaders and found a notable shift towards more proactive security measures. However, it also advised that beyond financial investments, there needs to be a stronger focus on qualitative improvements such as enhancing policies, education, and organizational culture to combat cyber threats effectively.

The study also revealed a disconnect in perceptions among different leadership roles within organizations, particularly between executives and non-IT leaders regarding employee awareness of security protocols. While executives and IT leaders generally believe that employees are well-informed about security expectations, a smaller percentage of non-IT leaders agree, suggesting an overly optimistic view from the top. This misalignment emphasizes the need for more comprehensive communication and training across all levels of an organization to ensure thorough understanding and adherence to cybersecurity policies. The findings stress the importance of a unified approach to security, where all sectors of a business collaborate to mitigate risks and enhance data protection strategies.

Link to Article

Zscaler, a cybersecurity firm, recently shut down an exposed system after rumors surfaced about a cyberattack. Initially dismissing these rumors, Zscaler later confirmed that an isolated test environment on a single server, which did not contain customer data, was indeed exposed to the internet. The company quickly took the system offline for analysis, assuring that there was no impact or compromise to its customer, production, and corporate environments. This incident was triggered by a claim on X (formerly Twitter) by a threat actor, which prompted Zscaler to conduct a thorough investigation into the matter.

Further investigation revealed that the notorious Serbian hacker, IntelBroker, claimed responsibility for the breach, offering to sell access to highly sensitive information, including credentials and SSL certificates. This hacker is known for targeting high-profile companies and had previously breached other significant entities like Space-Eyes and General Electric. IntelBroker's activities highlight the continuous threats faced by organizations and the importance of robust cybersecurity measures to protect against such high-level intrusions.

Link to Article

Brandywine Realty Trust, a prominent U.S. real estate investment trust, recently fell victim to a ransomware attack that resulted in the theft of data from its network. The Philadelphia-based company disclosed to regulators that this cyber incident involved unauthorized access and the deployment of encryption on its internal IT systems, which aligns with the characteristics of a ransomware attack. This disruption has impacted the company’s business applications crucial for operations and corporate functions, including financial reporting systems. In response, Brandywine took swift actions to shut down affected systems and believes it has contained the breach, although it continues to investigate the extent of the exposure of sensitive or personal information.

As one of the largest real estate trusts in the U.S., with significant properties across Austin, Philadelphia, and Washington D.C., the security breach poses serious concerns not only for the trust itself but also for its major tenants, such as IBM, Spark Therapeutics, and Comcast. Despite the severity of the incident, Brandywine has stated in their regulatory filing that they do not anticipate the cyberattack to have a material impact on their operations. This incident highlights the ongoing vulnerabilities in the real estate sector to cyber threats and underscores the importance of robust cybersecurity measures to protect sensitive data and maintain trust with stakeholders.