Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

Healthcare Cyberattacks Soar by 45% in Past Two Months.  There’s more bad security news for healthcare. Check Point Software Technologies has issued a report finding that healthcare, which was already a major target, is suffering even more attacks—especially involving ransomware: “Unfortunately, that cybercrime threat has worsened over the past two months.  Since the start of November, there has been a further 45% increase in attacks targeting healthcare organizations globally. This is more than double the overall increase in cyber-attacks across all industry sectors worldwide seen during the same time.”

A Rising Onslaught of “Smishing” Messages. Two months ago, I wrote about the dangers of “smishing” (SMS text messages used for phishing), and it seems the problem is accelerating. Help Net Security has an article on how phishers are capitalizing on our acceptance and trust in SMS messages, reporting on the “rising onslaught” of smishing attacks “hitting mobile users around the world in the last few months.” The article notes that SMS text messages can seem authentic, so you need to be cautious about responding to any—even if they purport to be from trusted sources. Hallmarks of smishing include a sense of urgency, such as threatening to close an account, or offering a deal that (in reality is) too good to be true. You can see the article for more things to watch for, and precautions to take.

Sealed U.S. Court Records Exposed in SolarWinds Breach. That’s the word from Krebs on Security, reporting on the continuing research into the vast exposures created by the massive SolarWinds security breach, believed to have been engineered by Russia’s Foreign Intelligence Service. Security researcher Brian Krebs reports that the attackers gained access to the Administrative Office (AO) of the U.S. Courts. Krebs quotes a recent statement from the court reading: “The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings.” Underscoring the range of risks, Krebs notes: “Experts say many other documents stored in the AO’s system are sealed—either temporarily or indefinitely by the courts or parties to a legal matter—and may contain highly sensitive information, including intellectual property and trade secrets, or even the identities of confidential informants.”

Wanted: More Software Engineers … To Save $2 TRILLION A YEAR IN WASTED CODE. The Consortium for Information & Software Quality has released its “The Cost of Poor Software Quality in the US: A 2020 Report,” that estimates nearly $2.1 trillion was lost in just the United States last year due to a combination of poor code quality, operational software failures, and unsuccessful IT and software projects. The cause? We need more skilled software developers to create new and maintain existing code, according to the report. The report predicts demand for software developers will grow by 22% over the next decade. Cybersecurity engineers will be in even greater demand. Forbes quotes the U.S. Bureau of Labor Statistics as predicting: “Cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth of 4%.”

Finding a Managed Service Provider to Meet Your Cybersecurity Needs. With cybersecurity talent hard to find and expensive to hold, TechRepublic carries an article on how small and medium-sized businesses can benefit from managed service providers to supply cybersecurity expertise. Underscoring the need to tighten security, TechRepublic writes “Researchers at Verizon reported more than 40% of polled small businesses experienced some kind of cyberattack in 2019, with a cost per incident approaching $200,000.” TechRepublic suggest that outsourcing cybersecurity “appears to be the wisest choice for most SMB owners.” The story sums up the problem and solution with this quote: “Small- to medium-sized businesses are aware of the importance of IT security, but they don’t always have the same resources or technical ability to deal with them as larger enterprises do. As a result, they expect their managed service provider (MSP) to act as a true security partner to point them in the right direction and ensure the technology they have in place will protect them and their data.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees and has a strong affiliation with various education groups, local school districts, and served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves as a Vice President of the Board of Director for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.