Microsoft has responded to reports of cyber-criminals and nation-state attack groups targeting the healthcare sector by making its AccountGuard threat notification service free of charge to "healthcare providers on the front lines." This follows news stories detailing how the World Health Organisation and hospitals in the UK, US and across Europe have been in the cyber-crosshairs.
Attacks on the Brno University Hospital in the Czech Republic "resulted in delays in COVID-19 testing, new patients being turned away and treatments being postponed," Tom Burt, corporate vice-president, customer security and trust at Microsoft, said.
Others, such as one that hit the Champaign-Urbana Public Health District health agency website in Illinois, Burt said, "have held up access to critical COVID-19-related healthcare guidance." According to Burt, what most of these attacks share is that they involve email and people, or more precisely an email and a person. Targeted spear-phishing, in other words. This is where the AccountGuard service comes in, monitoring enterprise mailboxes and personal email accounts for activity that indicates an organisation is being attacked. When any such activity is spotted, Microsoft notifies the organisation of the nature of the threat and provides advice on the steps needed to stop it.
The service was originally developed to protect US Congress members, political campaigns and democracy-focused non-profit groups. Microsoft is now extending it, free of charge, to "healthcare providers including hospitals, care facilities, clinics, labs and clinicians providing front line services as well as pharmaceutical, life sciences and medical devices companies that are researching, developing and manufacturing COVID-19-related treatments." Humanitarian and human-rights organisations are also being offered the service.
"Microsoft AccountGuard being offered free of charge to healthcare teams and humanitarian groups is most definitely a positive occurrence," says Tim Mackey, principal security strategist at the Synopsys CyRC (Cybersecurity Research Center), "at its core is a recognition that some threats are from attackers seeking maximum disruption and possessing significant resources – think foreign governments and well-funded criminal enterprises." AccountGuard brings the considerable resources of Microsoft to bear, in an attempt to level this cyber-playing field.
But what about those people and organisations that fall outside of the AccountGuard remit? "For the rest of us," Mackey told SC Media UK, "there are of course any number of threat intelligence services available." Each will have its own strengths, but in selecting an appropriate mix for your organisation, it’s "important to understand what your risk of targeted threat versus opportunistic threats might be," Mackey says. Which means performing an open and honest assessment of both the business and its approach to cyber-security. "The outcome from this exercise, the threat model, can inform how best to spend cyber-security funds," Mackey concludes.
And then there's good old-fashioned cyber-awareness to factor in, of course. "Coronavirus-based phishing attacks have certainly seen a dramatic increase over the past few months," Alyn Hockey, VP of product management at Clearswift, warns, "and people are more distracted and vulnerable to clicking than they might usually be."
It takes a combination of technology, training and awareness to tackle the problem, according to Hockey. "In fact, this crisis can actually act as a trigger for organisations to reinforce their cyber-security processes and to remind employees of the need for extra vigilance," he told SC Media UK, "It should certainly extend to providing advice and technical help to make sure employees are as well-protected working from home as they are from the office, and reinforcing the processes for what to do if a breach has occurred."
Pascal Geenens, a cyber-security evangelist at Radware, cautions that "while cyber-awareness plays a big part, it is not enough in times where scams and phishing attempts have a rich arsenal of different angles to entice and trick victims." Given that, since lockdown, many of us know the feeling of being overwhelmed by email and invitations for virtual meetings, there is an additional time pressure being exerted and something has to give. Something that can cause a lapse in focus and an unwise click.
"Any technology that can help people view what is in their inbox and lower the probability of accidentally setting off a ransomware incident is a very welcome addition," Geenens says. For example, he told SC Media UK that he has rediscovered the Microsoft Outlook Focused inbox during the pandemic. Rather than disable this as he would have done before the lockdown, Geenens now uses it "to prioritise urgent emails which I focus on at the start of the working day, once these messages are dealt with I attend to the remaining messages, taking extra care when clicking links and avoiding directly opening attachments."
While proactive security is the ideal model, Geenens concludes, "we are not operating in ideal times, so anything that can help overstretched key workers in these challenging times is a positive thing."