Top 5 Ways Organizations Are Being Breached Introduction

In this series, CCI Systems (Blue Team), and partners FRSecure (Red Team), will uncover the top five most common ways the healthcare industry and other organizations are being attacked by hackers and what you can do to help stop attacks before they mitigate. Our partners FRSecure will discuss what the attack vector is, what specifically attackers do within that vector to achieve a compromise, and some examples of those attacks and stories within the healthcare industry. CCI Systems will explain how to avoid being compromised using that vector—how to protect yourself and mitigate the risk of falling under the same trap.

Follow along to learn how you can help prevent a security breach from happening to your network.

  1.     Phishing Attacks
  2.     Publicly Accessible Logon Systems with Single-Factor Authentication
  3.     Poor Password Hygiene
  4.     Unpatched Systems
  5.     Misconfigurations

Phishing Attacks

Phishing attacks have existed for quite some time. They're still widely used because they're successful. All of us are familiar with phishing attacks. These emails use psychology and urgency to trick people into clicking malicious links, uploading malicious files, and so on. They come in a variety of forms, including spoofed websites, texting promotions, scam phone calls, and so on. The primary objective is to trick the end user into handing over access or credentials, which can then be used to cause further harm in the organization.

Publicly Accessible Logon Systems with Single-Factor Authentication

Logging in is how you access the services you need to do your job, but if those platforms are also on the internet, anyone with the right credentials can access them. This problem grows exponentially if the access point only involves a single type of authentication—that is, only a username and password, with no alternative, secondary means of ensuring the user is who he or she claims to be.

Poor Password Hygiene

When it comes to passwords, the basic practice of good password hygiene is surprisingly overlooked, especially in healthcare organizations. Passwords that are default, weak, exchanged, and repeated make an attacker's job much easier. Good passwords, on the other hand, are difficult to build, remember, and keep track of, particularly given the sheer number of systems and accounts we need to access these days.

Unpatched Systems

Do you get those irritating update alerts that keep interrupting your workday? Developers normally push these updates to systems and applications in order to correct identified vulnerabilities and bugs. If you are forced off, you might not be able to effectively avoid a vulnerability that has already been exploited or has the potential to be exploited. Despite this, many organizations have been compromised or hacked.

Misconfigurations

A configuration is simply a setup. This also refers to the configuration of things like networks, systems, programs, and permission sets in the context of protection. It's always an open door for attackers to walk through if things aren't properly set up, integrated, and locked down. 

Read the Red Teams blog here!