October is Cybersecurity Awareness Month – and remember, our team members are our first line of defense!

IT & Epic

Ballad Health’s cybersecurity awareness training starts with ensuring our team members are appropriately trained regarding current cybersecurity practices. Each team member is the first line of defense against cyberattacks.

Security awareness training gives every team member a fundamental understanding that there are imminent and ongoing cyber threats, and prepares enterprise team members for common cyberattacks and threats.

Security awareness training generally consists of repetitive training as well as ongoing, sometimes random, testing through email. The most prevalent IT security threats include:

  • Spam. Not limited to direct email, spam is now one of the main methods of attack via social media. When someone “invites” you to connect on LinkedIn, for example, that invitation may arrive in your email, but its effectiveness is directly related to your trust of various social media sites. Cybercriminals can even embed password-stealing malware in a simple LinkedIn invitation.
  • Phishing. Phishing is a common practice whereby hackers go after a broad target of users with emails that look genuine, but are actually intended to lead the uneducated user to click on dangerous links — possibly divulging usernames, passwords, personally identifiable information, even financial information. Phishing is akin to throwing out a wide net full of bait and pulling in whatever you catch.
  • Spear phishing. While phishing schemes cast a wide net, spear phishing takes a highly targeted approach to attacking specific individuals. The most infamous spear phishing attack in recent history was on John Podesta, then-chairman of the Hillary Clinton presidential campaign. Spear phishing attacks target high-profile individuals or people with access to valuable digital assets. The email is usually handcrafted, and uses all available information to make the email read exactly like an actual email from a friend or colleague.
  • Malware. Short for “malicious software,” malware refers to any type of software designed to cause harm to a device through viruses, rootkits, spyware, worms and Trojan horses. Advanced malware has a specific target and mission typically aimed at an organization or enterprise. In 2017, the malware program known as WannaCry spread throughout the world, crippling hundreds of organizations.
  • Ransomware. Similar to malware, ransomware is used by attackers to extort money (or possibly other resources) from the target organization. In June 2017, NotPetya infected accounting software prevalent in Ukraine. It encrypts files on the drive, requests $300 in bitcoin, attempts to steal credentials in the memory and attempts to propagate through the network using stolen credentials or exploits.
  • Social engineering. This practice is simpler than it sounds. If you’ve seen the movie “Catch Me If You Can,” you’ve witnessed one highly effective example of social engineering. Tripwire assessed the most prevalent types of social-engineering attacks in 2015. At its core, social engineering occurs when one person fools another into giving up access to a resource. Social engineers use a variety of tools and resources to gain access to targeted resources, but the one-on-one direct attack remains the same.

Throughout October, various cybersecurity reminders will appear in Ballad Health social media, screensavers, and Ballad Health News. Remember, our team members make up the first line of defense against cyberattacks. Please do your part to help keep us safe!