Tag Archive for: institutions

How financial institutions can prepare to react quickly through regulatory compliance


All over the world, the number of attacks by cybercriminals targeting the financial sector is increasing, and the UK & Ireland is no exception to this trend. According to Veritas research, half of UK organisations said that, over the past two years, they had been the victim of at least one successful ransomware attack in which hackers were able to infiltrate their systems.

The increasing profitability of these attacks for the criminals means a whole new industry – Ransomware-as-a-Service (RaaS) – is growing rapidly. Professional hackers, exploiting AI-driven target identification, breach execution, victim extortion, and ransom collection, are all offering their malware as a service to the highest bidder.

The increasing threat this poses to national economies led the EU to pass the Digital Operational Resilience Act (DORA), setting out specific requirements for financial service providers concerning risk management. DORA legislated specifically on key areas including reporting accuracy of any ICT-related incidents, and management of third-party risk.

This means that when an attack on any financial services provider occurs, the decisions and actions taken in the hour following an attack will be decisive for the level of organisational impact, and the ultimate survival of the business.  

For financial institutions, process predictability is paramount  

IT teams must prepare thoroughly to anticipate an attack by implementing effective operational resiliency practices to secure their data. Ongoing training for IT and business teams, together with tools for data identification and visibility, are critical when it comes to meeting regulatory requirements.

As part of the ICT risk management process to comply with DORA regulations, a specialised audit to identify all types, locations and classifications of data and storage infrastructure must be successfully completed. These rules have been developed to help prevent and mitigate cyber threats and ensure that financial entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats.

Compliance with these processes…


DDoS attack was cause behind internet connectivity outage for public healthcare institutions in Singapore, ETCIO SEA


Investigations on the internet connectivity disruption for public healthcare institutions which happened on 1 November 2023 showed that the outage was caused by a Distributed Denial-of-Service (DDoS) attack, where the attackers flood servers with internet traffic to prevent legitimate users from accessing online services. As per national healthtech agency Synapxe, which is responsible for the IT operations that support the country’s public healthcare network, no evidence has been found to indicate that public healthcare data and internal networks have been compromised.

Internet connectivity at public healthcare institutions was disrupted between 9.20am and 4.30pm on 1 November 2023, with most of the affected services restored by 5.15pm. During the disruption, services requiring internet connectivity at public healthcare institutions, including websites, emails and productivity tools for staff, were inaccessible.

Throughout the incident, Synapxe was able to sustain the mission critical systems needed for clinical services and operations at the public healthcare institutions, including access to patient records. Patient data and the internal networks remained accessible and unaffected. Patient care was not compromised.

Synapxe’s networks are protected in a layered defence designed to detect and respond to cyber threats, including DDoS attacks. Its systems are also designed with redundancies for resilience, and these include system backups. To minimise the risks of being overwhelmed by higher-than-usual internet traffic, Synapxe subscribes to services which block abnormal surges in internet traffic before they enter the public healthcare network. In addition, once the traffic is cleared by the blocking service, firewalls are in place to allow only legitimate traffic into the network.

On 1 November 2023, an abnormal surge in network traffic was detected at 9.15am. This surge circumvented the blocking service, and overwhelmed Synapxe’s firewall behind the blocks. This triggered the firewall to filter out the traffic, and all the websites and internet-reliant services became inaccessible. Once the cause was identified, Synapxe…


Nuclear Security Education: IAEA Partners with Universities and Research Institutions


Aligning the available teaching materials on nuclear security with the latest IAEA guidance is an important stepping stone in the path to excellence in nuclear security education. This objective is among the key areas of work of the International Nuclear Security Education Network (INSEN), a partnership mechanism that facilitates the collaboration of the IAEA with educational and research institutions.

“Education and training in the area of nuclear security is an essential component of the IAEA’s nuclear security programme,” said Elena Buglova, Director of the IAEA Division of Nuclear Security, during the INSEN Annual meeting convened in Vienna in July. “By sharing experiences and good practices, INSEN members can further enhance their capacities in order to effectively contribute to strengthening nuclear security regimes through a sustainable nuclear security education.” 

Established in 2010, INSEN has 204 members and 13 observers from 72 countries. Their work includes the development of peer-reviewed teaching materials; faculty development in different areas of nuclear security; joint research activities; student exchange programmes; academic theses supervision and evaluation; knowledge management; promotion of nuclear security education; and other related activities.

During their recent annual meeting, 94 participants representing 45 INSEN member countries came together to review the implementation progress of the Network’s Action Plan to identify and evaluate the activities for the coming year.

The exchanges also covered topics such as the role of research in enhancing nuclear security, international collaboration, capacity building as well as gender equality.

“INSEN utilizes feedback received from its members and other international experts through meetings, personal communication, and surveys to understand the evolving nature of nuclear security, and assess the effectiveness of nuclear security education,” said Alpana Goel, Director of Amity Institute of Nuclear Science and Technology from India and Chair of INSEN.

The revision of existing nuclear security teaching materials according to the IAEA publication “Model Academic Curriculum in Nuclear…


Medical Institutions Remain One of the Most Vulnerable Sectors to Ransomware Attacks


London, United Kingdom, July 30, 2023 –(PR.com)– Experts weigh in on why the health sector is so vulnerable.

The healthcare sector experienced 64 ransomware attacks last year alone, according to research by NordLocker.

According to recent data, the belief that ransomware attacks only target wealthy organizations is a myth. In 2022, healthcare companies with annual profits ranging from $25-50 million experienced four ransomware attacks, while medical companies with profits between $11-25 million encountered 14 attacks. Medical institutions with profits of $1-5 million were not exempt because they also suffered four attacks. It is crucial to highlight that ransomware poses a greater threat to institutions with lower profits because cyberattacks can often lead to severe financial repercussions, including bankruptcy.

Ransomware attacks target large public hospitals and small private practices alike. The report reveals that even one-person private consultation offices are not immune to these attacks. In the year prior, healthcare institutions with 1,000-5,000 employees experienced four attacks, while those with 1-11 and 11-50 employees encountered 13 attacks.

It is important to note that ransomware attacks extend beyond hospitals and healthcare facilities. Biotech companies, pharmaceutical companies, social services, medical factories, and other organizations in the healthcare sector are also susceptible to such attacks.

As usual, most attacks target American businesses: 61% of all attacks are against the US healthcare sector. Spain and Canada are the other countries most affected by ransomware attacks, with almost 8% and 4.7% of attacks respectively.

Why is the health sector so vulnerable?

Experts agree that there are a variety of different reasons why healthcare is such a lucrative industry for cybercriminals.

“In general, hospitals and other medical institutions are a great target due to outdated systems, and lack of choice in solution providers because not all vendors can offer solutions for the medical field. Lack of investment is another factor,” says Aivaras Vencevicius, head of product for NordLocker.

The health care sector is also particularly vulnerable because of the…
