‘Insider attacks’ that breached vaccination system hardest to prevent


The breach came to light when people who had booked vaccines began to receive scam texts on their mobile phones.

Data breaches by someone working on the inside, like the one alleged to have affected Ontario’s vaccination booking system, are among the most difficult to guard against, says a cyber-security expert at Carleton University.

“This kind of breach is known as an ‘insider attack.’ Insider attacks are notoriously difficult to deal with,” said Jason Jaskolka, an assistant professor in systems and computer engineering.

“While completely eliminating these threats is nearly impossible, there are several ways in which such breaches can be prevented,” Jaskolka wrote in an emailed response to questions.

On Tuesday, the Ontario Provincial Police charged a provincial government employee from Ottawa, 21-year-old Ayoub Sayid, along with Rahim Abdu, 22, of Vaudreuil-Dorion, Que., with unauthorized use of a computer. Sayid lives in Gloucester and worked for the Ministry of Government and Consumer Services vaccine contact centre.

Police described Sayid as an “individual who worked through a third-party vendor in the vaccine booking call centre.” He is no longer employed by the government.

The breach came to light when people who had booked vaccines began to receive scam texts on their mobile phones that appeared to use the same information appearing on their health records. Police said the accused did not access any confidential health information, but investigators weren’t sure how many people were affected by the breach.

“We are still investigating to determine the scope as to how many were impacted. Our investigators are continuing to examine the devices that were seized,” OPP spokesperson Bill Dickson said Wednesday. “We may not be able to reach out to all those who may have received a text, but this is why we wanted to get this out through the media as soon as possible.”

Jaskolka said companies and institutions should apply the “principle of least privilege,” meaning employees should only be given access to data and resources that they need to perform their jobs. Periodic training on security threats is also helpful, he said.

“Such attacks can also be deterred by monitoring user (employee) behaviours and controlling and logging accesses from all devices, including mobile devices. Although less popular among employees, this approach can be quite effective,” he said.

“When securing systems and networks, the focus is often placed on keeping the bad actors from the outside from getting in. However, often much less attention is given to the people on the inside. There is an inherent trust in employees and personnel that can sometimes be misplaced. Insiders can take multiple forms, ranging from malicious employees that actively seek to do harm (which appears to be the case in this attack) to negligent or careless employees that accidentally cause harm to unsuspecting employees that may have their credentials stolen without even knowing it.”

That risk is even greater now that many people are working from home, especially if they are using their own phones and computers.

“With the move to ‘work-from-home,’ the adoption of and reliance on cloud services and technologies has transformed how many organizations operate. This has impacts on the way in which systems are accessed from home, often using home PCs, devices, and/or networks that may not have the same levels of protection as on-premise devices and networks,” Jaskolka said.
