Winter 2018 Newsletter - ICYMI: HIMSS Sacramento Meetup

“The Mindset of a Hacker: Tackling Digital Security Together”

By Serena Kouklis, HIMSS NorCal Meetups Team

What: “The Mindset of a Hacker: Tackling Digital Security Together”
When: 11/9/2017, 6-8pm
Where: Sutter Health’s Patrick Hayes Learning Center

Pictured: Julian Garcia, Sr. Security Engineer at SecureWorks

Julian Garcia, Sr. Security Engineer at SecureWorks gave a presentation on cybercrime on November 9 to a crowd of healthcare and IT professionals. Below is a short summary of what he had to say:

Who are Hackers?

  • White Hat vs Black Hat has evolved along with the sophistication of the criminal infrastructure. We are no longer dealing with lone black hat hackers in a basement like in the movies, we are up against Nation-states, cybercrime organizations, hacktivists, nihilists, etc., so we cannot afford to let our guard down.

What threat do they pose?

  • People are beginning to feel data breaches personally- SSNs, health info, etc.,
  • It takes an average of 270 days before organizations realize they have been hacked
  • Malware propagates- you do not have to be a target to be a victim
    • Stuxnet targeted Iran but was found all over the world
  • There are websites like xDedic where you can buy access to compromised servers (or to have your own removed!)
    • Compromised Healthcare servers are offered on that site at an alarming rate- only 2nd to educational servers!
  • Cybercrime has become more sophisticated and criminals are working together
    • Malware like Carbanak affected banks and resulted in $868 million stolen; the cyber criminals were never caught, only their money mules.

What steps can organizations take to create secure environments?

The cyber security challenges are huge and we need to work together because cyber criminals work together. New security vulnerabilities emerge daily.  The best way to mitigate risk is to understand your entire enterprise because you cannot protect your data if you don't know what’s at risk.

  1. In the cybersecurity kill chain, there is a planning phase, attack phase, and persist phase
    1. Focus on stopping the attack phase
  2. Have an incident response plan
  3. Keep your environment patched
  4. Exercise device controls and application controls
    1. A single host can compromise an entire network     
  5. Have backups and test your backups.

SecureWorks Resources

  • Threat analysis
  • Advisories

2017 Cyber Security Threat Insights (Report for Leaders)

The Battle for your Endpoints

Measure your Cyber Security Incident Response Plan (CIRP)

Other Resources

Real Time Cyber Map


No Ransom Tools

22 Ransomware Prevention Tips

Advanced Persistent Threats (APT)s Log Book

Return to Winter 2018 Newsletter