COVID-19 cyber guidance - Monthly update for CIO/CISO August 10, 2020 - assets.kpmg
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
COVID-19 cyber guidance Monthly update for CIO/CISO August 10, 2020 kpmg.ca
The COVID-19 cyber era
Global threat actors increasing cyber attacks
COVID-19 poses a HIGH cyber-security risk for Canadian organizations as new risks continue to emerge.
Key threat observations Recommendations
Precision ransomware spreading
Attacks have more than doubled in the US (1). Recently an outdoor navigation and fitness company had – Incident response playbooks for ransomware attacks should be updated to
multiple products disrupted by an apparent ransomware attack. In this case, the unique datasets of this invoke data exfiltration actions, e.g., privacy measures.
victim company can provide pattern of life information of its customers that is exploitable by threat actors. – Leveraging threat intelligence can help companies pinpoint attack patterns
The attack is attributed to a Russian crime syndicate which implies that the information accessed was likely that could affect their unique posture.
exfiltrated and will be commoditized on underground marketplaces well after the breach (2).
Healthcare at the forefront of vaccine race
As the COVID-19 vaccine race continues, officials in the U.S., U.K. and Canada warned that the threat actor – Healthcare is now at the forefront of information warfare and security.
Cozy Bear, associated with Russia’s SVR foreign intelligence agency, is actively hacking vaccine trials and Security posture reviews can help raise the bar deterring most common
dropping custom malware. An active player in Russia's massive influence campaign in the 2016 US attacks.
election, Cozy Bear’s targeting of vaccine research is of note (3). While this entity’s motivations are – Integration with industry and government can dramatically improve one’s
historically for intelligence purposes only, they do sometimes appear to work with other Russian entities that security posture by sharing and receiving collective intelligence.
perform acts of disinformation.
Breached admin tools: a common weak link
A coordinated social engineering campaign targeting multiple Twitter employees was behind a hack of – Enforcing thorough logging to all administrative tools for security applications
several high-profile Twitter accounts in July (4). The severity of this account takeover attack highlights the and other key business applications is essential for threat detection.
importance of effective measures for managing privileged access to critical applications and admin tools. – User behavior monitoring is essential to detect user profiles that display
Effective privileged access management is even more critical now that many companies are continuing to abnormal behavior.
have a considerable workforce working from home as a result of the pandemic, and are relying heavily on
– All privileged accounts should be clearly associated with individual users and
remote access to administer application and security tools.
shared accounts should be eliminated.
© 2020 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative
(“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
2
* The references are listed on the next slide.COVID-19 cyber guidance – References
References
1. https://www.telecompetitor.com/report-u-s-ransomware-attacks-up-109/
2. https://arstechnica.com/information-technology/2020/07/garmans-four-day-service-meltdown-was-caused-by-ransomware/
3. https://www.scmagazine.com/home/security-news/apts-cyberespionage/covid-19-vaccines-economies-in-peril-after-russian-apt29-
attacks/?utm_source=newsletter&utm_medium=email&utm_campaign=SCUS_Newswire_%7b%7b%27now%27|date:%27%25Y%25m%25d%27%7d%7d&
hmSubId=%7b%7bcontact.cms_id_encrypted%7d%7d&email_hash=%7b%7bcontact.email|md5%7d%7d&oly_enc_id=2359F5955423H5W
4. https://www.scmagazine.com/home/security-news/insider-threats/twitter-hack-is-a-reminder-of-the-dangers-of-unfettered-employee-
access/?utm_source=newsletter&utm_medium=email&utm_campaign=SCUS_Newswire_%7b%7b%27now%27|date:%27%25Y%25m%25d%27%7d%7d&
hmSubId=%7b%7bcontact.cms_id_encrypted%7d%7d&email_hash=%7b%7bcontact.email|md5%7d%7d&oly_enc_id=2359F5955423H5W
© 2020 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative
(“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
3KPMG’s cyber security services
KPMG can help you with a wide range of cyber security services
Key services Contact us
Cyber maturity assessment National leaders Regional leaders
Compliance assessment
Strategy and Cyber security strategy Hartaj Nijjar
Governance Partner & National Leader, Cyber Security
Information governance and privacy
416 228 7007
Third-party security risk management hnijjar@kpmg.ca
Identity and access management and Robert Moerman Jeff Thomas
Partner, Cyber Defense Partner, Cyber Security
Privileged access management KPMG in Canada Calgary
Transformation 416 777 8308 403 691 8012
Cyber governance, risk, and control jwthomas@kpmg.ca
rmoerman@kpmg.ca
Security architecture Adil Palsetia Yassir Bellout
Partner, Strategy and Governance Partner, Cyber Security
Security operations advisory
KPMG in Canada Mont real
416 777 8958 514 840 2546
Cyber Cyber threat intelligence ybellout@kpmg.ca
apalsetia@kpmg.ca
Defense
Vulnerability monitoring John Heaton Erik Berg
Partner, Transformation Partner, Cyber Security
Application security
KPMG in Canada V ancouver
416 476 2758 604 691 3245
Compromise assessment and simulations erikberg@kpmg.ca
johnheaton@kpmg.ca
Cyber Response Guillaume Clément
Incident response readiness and planning Robin Tong
Partner, Cy ber Res ponse Partner, Cyber Security
Digital investigations and remediation 418 265 8734 Edmonton
KPMG in Canada 780 429 7335
© 2020 KPMG LLP,Cloud security
a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative
robintong@kpmg.ca 4
Cross-Pillar guillaumeclement@kpmg.ca
(“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Secure DevOpskpmg.ca The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although w e endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it w ill continue to be accurate in the future. No one should act on such information w ithout appropriate professional advice after a thorough examination of the particular situation. © 2020 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG netw ork of independent member firms affiliated w ith KPMG International Cooperative (“KPMG International”), a Sw iss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
You can also read
