What Will It Take to Thwart Cyberattacks? IBM Securities X-Force Has Unearthed These Vital Suggestions

IBM's X-Force Threat Intelligence Index sheds light on where today’s cyberthreats are most prevalent and how to safeguard against them.

By: Raquel Moreno | March 31, 2022

Cybercrime today is not just about money; it’s also about leverage.

This observation, made by the head of IBM Security’s X-Force, is evident as supply chain security remains top priority for governments around the world — especially in light of ongoing global labor shortages, transportation delays, and of course, the Russia-Ukraine conflict.

As Fourth Industrial Revolution technology continues ramping up the “smart” profile of factories, ransomware attacks on manufacturers are now keeping up pace with those previously centered on financial services providers and insurers.

What will it take to guard against cyberthreats on vital global industries? Identifying and securing vulnerabilities for starters, as IBM Security’s 2022 X-Force Threat Intelligence Index revealed.

Key Index Findings

Manufacturing was the most threatened industry in 2021. Cyberattacks on manufacturers exceeded those aimed at financial services and insurance in 2021, representing 23.2% of the attacks X-Force remediated from January to December 2021.
Ransomware remained the number one attack type observed by X-Force.
Ransomware organizations wrecked global havoc for an average of 17 months before rebranding or shutting down in 2021, though the most successful ransomware gangs operated for up to 31 months (two and a half years) before disbanding.
Phishing was the top technique used for initial access among 41% of cyber incidents X-Force remediated in 2021.
Vishing is on the rise. The click rate for the average targeted phishing campaign was 17.8%, but targeted phishing campaigns that added phone calls (vishing or voice phishing) were three times more effective in 2021, netting a click from 53.2% of victims.

Second Place Is Still Vulnerable

Corey Hamilton, global financial services leader, IBM Security Services

Slightly outranked by manufacturing as top targeted industry, finance and insurance organizations were the target of 22.4% attacks remediated by IBM’s X-Force team in 2021. Of these attacks, 70% were on banks, 16% were on insurance organizations, and 14% were on other financial organizations.

The financial industry’s drop from most targeted industry on the index suggests that “the high security standards in place at most financial organizations are yielding concrete results” the report authors noted.

A key component to security success for financial organizations has been tapping into hybrid cloud environments that allow for better visibility into and management of sensitive data.

“Getting that visibility and prioritization is absolutely critical,” said Corey Hamilton, global financial services leader, IBM Security Services. “With cloud … that visibility is built in.”

And in legacy mainframes, “an organization may not have the best visibility into the protection of the data,” Hamilton added.

Rather than an organization internally managing and storing data, hybrid cloud environments establish a baseline for consistency — teams, tools, controls — that can be easily and quickly automated, Hamilton noted.

“In the event that there is a known deficiency — it could be in a completely separate client or a completely different industry — the largest cloud security providers know that there are issues and can automate those away,” Hamilton said.

Cloud environments also have the benefit of being able to create a single standard for security controls. “In the financial services space, there are regulatory controls and requirements, and having those being built upon the cloud is certainly a unique factor that ensures the proper security controls, and the implementation of those controls, take place,” Hamilton said.

For financial enterprises and insurers working on their digital transformations, Hamilton recommends opting for specialized clouds. Going with a cloud service provider that has specialized controls based on industry regulations and privacy mandates is “the most cost-efficient route to a secure starting point,” to get ahead of cyberthreats Hamilton said.

Expect a Breach and Adopt Zero Trust

Every industry has its vulnerabilities, and these are the gateways cybercrime organizations seek out to infiltrate data systems and bring business to a halt. But with staffing fluctuations reaching record levels, especially in sectors like manufacturing, how can companies identify and safeguard their security weak points? All arrows point to zero trust.

In order to maintain trust with stakeholders as well as the clients whose data they safeguard, the X-Force report recommends companies adopt a zero-trust approach to security and data management. By assuming that a breach has already happened, zero trust is centered upon a “least privileged principle model,” Hamilton explained.

This comes down to ensuring that “organizations staff only have access to the amount of data that they need to do their job and nothing more,” Hamilton said.

Multifactor authentication (MFA) also plays a key role in applying zero trust as well. A key component of strategies to minimize business email compromise (BEC), in 2021 the X-Force team found that in regions where widespread MFA implementation saw a significant decrease in successful BEC attacks.

Take Inventory of Security

From an organizational security standpoint, global business has reached an inflection point, Hamilton said, “where some organizations have advanced their digital footprint 15 years in say the past two years.”

As industries continue to embrace automation, shift to remote work, and more financial transactions are completed online, now is the time for organizations to take inventory of their security posture.

“We’re kind of settling into a norm and we want to make sure that there aren’t leftover accelerated processes that may be introducing more risk into an organization,” Hamilton said.

Now is the time, Hamilton said, “to step back and ensure that the organization, from a security standpoint, is as mature as it was before the rapid onset of COVID and the current situation that we’re in.” &

Raquel Moreno is a staff writer with Risk & Insurance. She can be reached at [email protected].

Dangerous Jobs: Why Health Screenings Are Critical to Protect Firefighters

The implementation of an annual wellness-fitness program can improve firefighter fitness and ultimately help save lives.

By: Concentra | May 1, 2024

It’s impossible to ignore the great risks taken by firefighters. They experience injuries in large numbers and there is significant loss of life. Almost half of this loss of life is due to cardiovascular events. Additionally, studies suggest that there is an increased risk of the development of certain cancers.

These brave men and women put their lives on the line to rescue and protect others. They won’t hesitate to run into a burning building while wearing heavy gear and carrying heavy equipment in order to save lives.

“Their job requires a combination of performance, mobility, strength and endurance, and it often exposes them to environmental hazards and psychosocial hazards as well,” said Dr. Latha Brubaker, senior vice president of medical operations at Concentra.

“Being a firefighter can be physically difficult, it can be dangerous, and the impact of fighting fires and rescue can have a behavioral health impact, as well.”

Given the physical and emotional challenges associated with their jobs, firefighters need to be in top physical condition. Regular holistic health screenings and preventive conditioning programs can help protect these heroes, ensuring they have long careers serving their communities.

A Dangerous Job

Dr. Latha Brubaker, Senior Vice President Medical Operations at Concentra

To understand the physical and mental health threats firefighters face, it’s important to examine how firefighting exposes them to a number of different risks. Their job is physically taxing. They must wear heavy gear to protect them from high-temperature exposure while rescuing people and pets. They have to climb ladders and stairs during rescue operations. Although wearing masks to limit these exposures, firefighters can inhale smoke and be exposed to harmful chemicals and environmental toxins, increasing their risk of certain cancers.

“Firefighters have to climb ladders and stairs, all the while hauling very heavy and unruly fire hoses and wearing very heavy equipment and PPE,” Brubaker said.

While completing these physically demanding tasks, firefighters can inhale smoke and other environmental toxins, increasing their risks of certain cancers. A study of 30,000 firefighters spanning from 1950 to 2009 found that firefighters were 9% more likely to be diagnosed with cancer and 14% more likely to die from the disease than the general population.

Outside of the physically taxing elements, firefighters often work in distressing circumstances. There may be thoughts of the personal risks taken to save others. They witness significant injuries and loss of life.

All of these situations have the potential to be emotionally distressing for firefighters. That’s why a number of states — including California, Tennessee, Florida and Georgia — have passed or are considering passing laws that include PTSD benefits under workers’ comp coverage for firefighters.

“We’ve really doubled down on our commitment to behavioral health, and we’ve gone so far as to partner with some third-party resources that have expanded our ability to provide behavioral health support,” said Chris Studebaker, senior director of onsite preventive services at Concentra.

Protecting Firefighter Health

Chris Studebaker, Senior Director of Onsite Preventive Services at Concentra

Unlike in other professions, it’s hard to reduce the number of physical and environmental hazards a firefighter faces on the job. Yes, PPE can go a long way in protecting firefighters from burns and other injuries, but the physical demands are also extreme. Firefighters are wrangling heavy fire hoses to stop the damage. In addition, they are often lifting people and maneuvering in confined or challenging spaces.

In order to make sure firefighters are up to the task, many departments conduct annual physical health assessments so that they can be certain their firefighters are physically and mentally prepared for the job. Medical personnel follow the guidelines provided by the National Fire Protection Association (NFPA) Standard 1582 on Comprehensive Occupational Medicine Programs for Fire Departments which helps them determine if there is a condition present that may prevent a firefighter from performing their essential job functions.

The Joint Labor Management Wellness-Fitness Initiative, comprised of two major fire service organizations, worked to develop a comprehensive wellness-fitness program. Based on this initiative, NFPA developed standards regulating these programs. This resulted in the suggestion of adding cancer screening, fitness assessments, and behavioral health screening to the periodic health assessments of firefighters.

“Some fire departments are now asking us to perform cancer screening,” Brubaker said. “Cancer screening recommendations are made by the US Preventive Services Task Force, for example, and are based on a systematic review of scientific evidence published in peer-reviewed journals. When determining the appropriate screening tests, it is important to review the USPSTF recommendations with the understanding of the potential additional risks amongst firefighters for certain cancers.

Sleep health is another area of issue in the fire service due to the 24 or 48-hour shift schedule and the mental strain and stress of the job.

Beyond screenings, firehouses can opt to partner with providers of on-site health services, including physical therapists who can work collaboratively with employers to develop and implement injury-prevention programs. Known as “tactical athlete programs” because their rigor is like that of the training a pro athlete would undergo, these solutions can help catch injuries before they become severe and help keep firefighters’ bodies functioning optimally to enable them to perform their job.

Wearable technologies, too, are likely to play a role in keeping firefighters safe in the future: “We’re seeing the use of wearable tech sensors that look at environmental exposures and heat. And now the technologies can even track their sleep health” Studebaker said. “I think the future of wearable tech is going to shift away from discrete individual devices and more towards garment-based sensors.”

A Trusted Partner for Firefighter Physicals

The physical rigor required to fight fires combined with the emotional stressors present in the job mean that employers need to put extra care into guarding firefighters’ health and safety. Firefighters should undergo regular physical exams, and Concentra is just the partner they need to conduct these physicals.

Concentra clinicians perform examinations, imaging, and lab tests that meet the National Fire Protection Association standards.

Firefighters who undergo these examinations will complete a physical fitness test that assesses their lifting, pushing, pulling, carrying, climbing and other abilities. These kinds of assessments can guard against musculoskeletal injuries common in the industry.

Should an injury occur, the clinician utilizes a conservative treatment approach, with an emphasis on active rehabilitation. Since firefighters are in safety sensitive positions, opioids are usually avoided.

“Musculoskeletal injuries can be managed without the use of opioids,” Brubaker said. “Our approach is a conservative one with the use of physical therapy, when appropriate, and anti-inflammatory medication, if needed. We try to avoid prescribing opioids. Opioids are typically unnecessary.”

A Concentra clinician will perform lab tests including a complete blood count, comprehensive metabolic panel, lipid panel, and urinalysis as well as TB tests. They will do alcohol and drug tests. They will perform audiograms, pulmonary function tests, chest X-rays and EKGs. They will complete a cardiovascular risk assessment and depending on age and the level of risks, a stress test will be performed either at the onsite clinic or a cardiology office.

“It’s important for us to make sure in the first place that they’re healthy from a cardiovascular perspective, that they’re healthy from a respiratory perspective,” Studebaker said.

Behavioral health screening and cancer screening can be performed at Concentra Onsite Health clinics. Clinicians can conduct screenings for six cancers firefighters are at elevated risk for: colorectal, prostate, skin, blood, thyroid and bladder.

Concentra Onsite Health clinicians assess firefighters’ health holistically — something that is essential for a job that is both physically and emotionally taxing. By providing whole-person care, Concentra Onsite Health aims to guard firefighters’ health so that they can come home to their families after a day of protecting others.

“Most firefighters are very passionate about the work they do. They are vital members of their community and take risks every day to keep these communities safe. The work of a firefighter can have an adverse impact on their long-term health and well-being. It is equally vital that we take care of our firefighters and do what we can to improve their overall health.”

To learn more, visit: https://www.concentra.com/

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Concentra. The editorial staff of Risk & Insurance had no role in its preparation.

Concentra® is America’s leading provider of occupational medicine, delivering work-related injury care, physical therapy, and workforce health services from nearly 520 Concentra medical centers and more than 150 onsite clinics at employer locations nationwide.