United Healthcare’s $1.6 Billion Cyber Breach: Implications for Officers and Directors of Public Companies

The cyberattack on United Healthcare Group’s (NYSE: UNH) Change Healthcare division is disconcerting, not just because of the estimated costs of the breach ($1.6 billion), but also because UNH is a Fortune 50 company. While several notable cyber attacks on public companies have occurred in the past year, including last fall’s incidents at casino operators MGM Resorts International (NYSE: MGM) and Caesars Entertainment (NASDAQ: CZR), many experts in cybersecurity believed that Fortune 50 companies were well-protected. This assumption led to the expectation that any successful attacks on these major enterprises would be quickly mitigated with minimal associated costs.

Public companies not only provide fertile ground for cybercriminal attacks; they also have some issues that are either unique or especially troublesome for them:

• They are high profile targets, which enhances the reputation of successful cybercriminals’ credibility as serious threat actors; 
• Due to public reporting requirements, their financial positions, including available cash and equivalents for potential ransom demands, are transparent to hackers.
• The types of confidential information they possess (personal information, personal health information, login information, financial data, intellectual property, and trade secrets) are often known because of SEC disclosure requirements; 
• They are particularly vulnerable to class-action lawsuits;
• Officers and directors have heightened responsibilities to public company stakeholders;
• The SEC requires that Exchange Act reporting companies make annual disclosures about their cybersecurity risk management, strategy, and governance;
• Public companies are at risk of SEC enforcement actions, as exemplified by the recent SEC lawsuit against SolarWinds, which has highlighted the SEC’s intensified focus on cybersecurity for all public companies.   

The combination of these factors underscores the need for executives and directors to place greater emphasis on cybersecurity and addressing cybercriminal threats. However, navigating this domain requires specialized knowledge. What should a director or officer without technical training do in response? The initial step is to gain a deeper understanding of why these security breaches continue to occur and seem to be escalating, even as more funds are allocated to cybersecurity measures.

Why Cybercriminals are Avoiding Detection

Advancements in cybercriminal tactics, techniques and strategies have given hackers an edge in infiltrating companies’ computing environments undetected by cybersecurity defenses.  Cybercriminals are often effectively circumventing conventional security measures without immediate detection, allowing them to penetrate enterprise networks and cloud systems. Simply put, it is not possible to completely prevent cybercriminals from infiltrating your computing environment, because of enhanced criminal techniques and tactics:

• Zero-Day Exploits: These are previously unknown vulnerabilities in software or hardware that cyber attackers exploit before a patch becomes available. They can use these exploits to access systems, exfiltrate sensitive data, or execute malicious code. Even when a zero-day vulnerability is identified and a corresponding patch is issued, the intricate process of applying updates to substantial IT systems can leave these security gaps exposed for months afterward. 

• Social Engineering Tactics: These include phishing, pretexting, baiting, and impersonation. Attackers exploit human psychology to bypass technical defenses, leading to significant security breaches.

• Supply Chain Attacks: Cybercriminals target software or hardware supply chains to compromise the security of a broader user base. These attacks involve tampering with products during development or distribution stages, causing widespread security failures.

In today’s rapidly changing landscape of cyber threats, the likelihood of successful hacker incursions is on the rise. Sophisticated strategies like zero-day exploits, social engineering, and supply chain attacks can circumvent traditional security measures such as authentication and Endpoint Detection and Response systems. Identity and Access Controls (IAC) and firewalls often fail to detect these advanced methods. Once inside, hackers use sophisticated methods to bypass authentication, plant malware remotely, and establish persistent access. These tactics enable hackers to penetrate and establish a presence in networks or cloud environments, remotely install malware, and maintain ongoing access. Once they breach a system, they can navigate through it, escalate privileges, and introduce ransomware and other malicious payloads. Following the initial compromise, these attackers can take over vital systems and conceal their identities while engaging in detrimental activities. The affected systems turn into operational hubs for the hackers, whose sophisticated methods complicate efforts to identify their intrusion.

Very large financial institutions appear to be highly successful in defending against these attacks; how do they do it?

Very large financial institutions have developed a reputation for effectively thwarting cyberattacks, raising the question: how do they manage this? When it is not feasible to prevent an intruder’s initial entry, a holistic and robust cyber defense strategy is essential, involving a comprehensive cybersecurity solution. This approach includes continuous monitoring and collection and analysis of critical data from both on-premise systems and cloud-based environments. This typically involves collecting and analyzing billions of logs daily (requiring enhanced collection techniques and a robust analysis engine). It integrates these functions with a threat intelligence platform that supports ongoing vulnerability assessments and enables real-time responses. To facilitate these operations, these institutions maintain a 24/7 security operations center (SOC), staffed by a team of highly trained analysts and engineers. This high level of preparedness and response capability has proven to be highly successful for major financial institutions, money-center banks and other substantial financial entities. 

However, despite the effectiveness of such advanced cybersecurity measures, they often remain out of reach for other public companies, especially mid-market enterprises, primarily due to the significant costs involved. The challenge of balancing budget constraints with the need for comprehensive cyber defense mechanisms to protect assets and client data is daunting.

Our innovative approach to solving this problem

At Secnap , we recognized the need for a comprehensive cybersecurity solution that emulates the holistic approach being applied successfully at major financial institutions, but affordable for everyone. In response to these growing threats, we created CloudJacketXi™, a multi-layered security solution designed to both address the unique challenges faced by public companies, and be affordable by everyone.

CloudJacketXi is a complete security platform. It provides an all-encompassing, multifaceted cybersecurity solution that matches the robust defenses used by Fortune 500 companies:

• Unparalleled Visibility: CloudJacketXi goes beyond traditional EDR, providing Extended Detection and Response (XDR) capabilities. This grants organizations a unified view of activity across all endpoints, networks, cloud environments, and user behavior. This comprehensive visibility allows for early detection of suspicious activity and potential breaches.
• Data collection techniques: Using both software agents (lightweight and multi-purpose, installed on endpoints such as laptops, desktops, servers, cloud instances, and virtual machines) and agentless monitoring (for firewalls, switches, routers, etc.), CloudJacketXi collects data from all key sources in network and cloud environments.
• Advanced Threat Detection: CloudJacketXi leverages its cutting-edge threat intelligence engine and machine learning to identify and neutralize even the most sophisticated cyberattacks. CloudJacket’s eXtended intelligence engine analyzes network traffic, user behavior, and endpoint activity to detect anomalies and identify potential threats before they can compromise data or disrupt critical systems. It uses our proprietary software to analyze and correlate the data to accurately parse through the 100’s of millions of potential threats and behavioral anomalies that occur daily in a network or cloud, identifying those that are real threats, and presenting these threats to our U.S.-based SOC analysts for final analysis via our proprietary security operations centers’ dashboard.
• Proactive Threat Hunting: CloudJacketXi goes beyond passive detection. Our team of cybersecurity experts actively hunts for threats within your network, proactively identifying vulnerabilities and potential attack vectors before they can be exploited. This proactive approach significantly reduces the risk of successful cyberattacks.
• Compliance Reporting: Many industries are subject to a myriad of complex compliance regulations, including Payment Card Industry (PCI DSS), National Institute of Standards and Technology 800-53 (NIST 800-53), Trust Services Criteria (TSC), General Data Protection Regulation (GDPR), and Health Insurance Portability and Accountability (HIPAA). CloudJacketXi provides robust compliance reporting capabilities that help organizations adhere to regulatory standards such as PCI DSS, NIST 800-53, TSC, GDPR, HIPAA, and more. The platform identifies compliance deviations as they occur, enabling immediate corrective actions. The reporting tools are highly customizable, allowing users to generate detailed reports tailored to specific regulatory requirements. These reports are essential for audits and provide clear insights into the security posture of the organization, making it easier for businesses to maintain continuous compliance with evolving regulations.
• Eliminate Alert Fatigue — 24/7/365 Security Operations Center (SOC): Our dedicated team of highly-trained security professionals based in the USA monitors your network around the clock, providing real-time threat detection, investigation, and response. This eliminates the hundreds (or even thousands) of daily alerts your IT staff would otherwise need to handle from traditional cybersecurity solutions, and ensures your organization has access to the expertise needed to effectively respond to any security incident.

With us, you get an unparalleled blend of protection, detection, and response capabilities, all bundled into one powerful package. CloudJacketXi provides state-of-the-art protection against malware, ransomware, data breaches, unauthorized access, and other sophisticated attack vectors. Our value lies not just in our defense system, but in the peace of mind we provide, allowing you to focus solely on driving your business to new heights. Explore CloudJacketXi, go to https://www.secnap.com/cloudjacket-xi/.

Don’t Wait Until It’s Too Late

Cyberattacks are a constant threat for businesses and governmental entities of all sizes. Don’t wait for a breach to expose the vulnerabilities in your IT environment. Discover how CloudJacketXi can transform your cybersecurity posture. Contact us to learn more and take the first step towards ensuring your organization has the comprehensive security solution needed to protect your patients, your data. Complete the contact form or call 954-350-0712.

Our next blog post features a FREE, downloadable SEC cybersecurity checklist specifically designed for executives and directors. This checklist will equip you with the essential knowledge and actionable steps to help your company meet critical cybersecurity standards. Stay ahead of regulations, protect your valuable data, and gain the confidence to lead your organization’s cybersecurity strategy.