The first month of the new year is coming to a close, and there have already been a multitude of cybersecurity events creating headlines. Cyber criminals will never go away completely, so staying vigilant and informed is crucial when trying to protect your own business and assets. Fortunately, SWK has compiled together some of the more notable updates in the cybersecurity landscape this past month.
New Jersey Bans TikTok
On January 9th of this year, New Jersey Governor Phil Murphy announced a new directive to prohibit high risk software on state managed devices, TikTok being one of the more notable apps to be banned. TikTok is a widely popular social media platform which focuses on short-form videos that allows users to consume a vast amount of content in very little time. However, it has been noted that TikTok actually has access to an incredible amount of data on the device it’s installed on, which is what raises concerns from cybersecurity experts. The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) announced that it will maintain a list of tech vendors and software that present an unacceptable level of cybersecurity risk, and those on the list will be banned from being installed on state managed devices. The NJCCIC also laid out guidelines on what state agencies must follow, including:
- Removing any referenced software from their devices.
- Implement network-based restrictions to prevent the use of prohibited services.
- Implement measures to prevent the installation of these services.
- Announce plans to integrate cybersecurity training programs for state employees.
This act could signal a trend in the coming months where more state governments bolster their cybersecurity procedures. For information on how you can protect your own business, SWK has a library of resources to help you navigate the cybersecurity landscape.
The Dark Web Shifts Focus to the Internet of Things (IoT)
The Internet of Things (IoT) is the terminology used to describe the interconnectivity of most ‘smart’ devices. In fact, 2022 actually marked an inflection point for this concept as the world experienced a rapid growth of IoT devices on a large scale. In previous years ransomware seemed to be the biggest tool cyber criminals would utilize when attacking businesses or even governments, but now it appears their focus has shifted to exploiting security risks present in the IoT. Some IoT devices have open-sourced code, meaning that they are incredibly easy for a hacker to find any weak points present. Another concern of the Internet of Things being targeted is that there could be real world implications of an attack, outside of a financial perspective. With self-driving cars and essential medical equipment intertwined in the IoT, a person’s physical wellbeing could be negatively affected if they were chosen to be targeted. We saw this last April when Ukraine’s power grid was attacked by the Russian government, a trend which might continue in future world conflicts. Experts also note that an issue with the Internet of Things is the difficulty presented when updating devices. Most people do not see the point of constantly updating devices like their smart garage if it still functions properly, even if the update is fixing security issues in the code. While hackers and bad actors will constantly look for new ways to attack others for their own gain, experts are just as vigilant in fighting back and preventing these transgressions from happening.
Hackers Attack NJ Hospitals
In the past few months, New Jersey health services have been subject to vast amounts of cyber-attacks, CentraState being one of the more recent targets. This attack has disrupted their workflow and forced them to divert incoming patients to other local hospitals, but their PR team has assured that the quality of care has not diminished due to the breach in cybersecurity. In 2022 we saw 25 health service providers and 290 of their hospitals fall victim to cybercrime, so the trend appears to be continuing as we move into the new year. The prominent hacker group known as LockBit targeted SickKids, which is a children’s hospital, right ahead of the holiday season. What is compelling about this attack is that LockBit quickly issued an apology and offered a free decryptor so the hospital could have their data restored. The children’s hospital is working with a third-party cybersecurity team to implement the software, in case there are any hidden threats within the decryptor. While this may seem like an ounce of morality present within criminals, LockBit targeted another healthcare provider just days before SickKids.
Contact Us for Your Cybersecurity Needs
Staying up to date on recent cybersecurity events is critical in protecting yourself and your business. Fortunately, SWK can help keep you informed on any notable events popping up in the news. For more information or resources pertaining to cybersecurity, or how SWK can protect your business from threats, Contact SWK today.