Managed IT Services Blog

In our last post, we discussed five of the top cyber security trends for 2020. Security analysts are predicting that phishing attacks will continue to increase, and that hackers will accelerate their use of AI-powered tools to automatically carry out attacks. Mobile devices will be targeted, as will data that’s stored in the public cloud without effective security controls. Analysts are also expecting an increase in “ripple effect” incidents in which multiple parties in a supply chain are attacked.

Cyber security is rapidly changing game of cat and mouse, with IT professionals attempting to stay one step ahead of increasingly sophisticated attackers. That’s why it’s important to keep abreast of emerging attack vectors and other issues impacting the security climate. Here’s a look at some of the future trends in cyber security that security analysts are predicting for 2020, and what organizations can do to reduce their risk.

In a previous post, we discussed the “last mile” connectivity problem — the limited performance associated with the shared Internet services available to remote offices and users. Most corporate data centers have a dedicated telecom circuit with guaranteed bandwidth and SLAs. However, it’s typically not cost-effective or even feasible to provision such circuits for remote locations.

In our last post we discussed the Patient Driven Groupings Model (PDGM), an overhaul of the way home health providers are paid by the Centers for Medicare and Medicaid Services (CMS). The new billing model creates hundreds of new categories for home health services, and implements a 30-day billing cycle to replace the current 60-day cycle. It also changes the way providers are assessed Low Utilization Payment Adjustments (LUPAs), and uses “behavioral assumptions” to identify providers that might structure services to maximize billing.

Last year, the Centers for Medicare and Medicaid Services (CMS) proposed a new billing model for home health services that would adjust payments based upon “behavioral assumptions” as opposed to actual provider billing or evidence of changes in billing behaviors. The Patient Driven Groupings Model (PDGM), slated to go into effect Jan. 1, is expected to reduce payments for home health services by 6.42 percent in 2020 alone — an estimated $1 billion.

Getting data from a data center to a remote user involves a complex system of WAN connections. A well-managed data center will likely have a high-performance connection to an Internet service provider’s (ISP’s) backbone with guaranteed bandwidth and SLAs. The data travels over the Internet backbone at high speeds.

On September 20th, a ransomware attack forced a county health center in Wyoming to cancel surgeries, inpatient admissions, lab procedures, respiratory therapy, radiology exams and other services. Campbell County Health officials also reported that appointment schedules and medication orders were disrupted due to limited access to patient records and contact information. Although many services have been restored, the organization is still working to clean up its computer systems from that ransomware attack.

Quality patient care is the goal of every healthcare provider, but the reality is that many spend up to 60 percent of their time doing administrative tasks rather than delivering care. Doctors, nurses and administrators are all experiencing a time crunch due to steadily increasing management requirements.

On Jan. 29, 2015, health benefits provider Anthem, Inc. discovered that its IT systems had been hit with an advanced persistent threat (APT) designed to exfiltrate data. The cyber attack exposed the electronic protected health information (ePHI) of almost 79 million people, making it the largest healthcare data breach in history.

In previous posts we’ve been talking about cybersecurity in the marine industry. Malware could disrupt or disable the onboard systems in increasingly high-tech vessels. Far more likely are attacks targeting end-user devices that could result in costly IT system downtime or a data breach. In light of these risks, operators of maritime and inland marine vessels should implement a layered security approach that incorporates network and end-user security.

In a previous post on maritime cyber security, we reported on an official “Marine Safety Alert” issued by the U.S. Coast Guard in response to a cyber security incident involving a commercial vessel. The vessel’s onboard computer systems were infected with malware that “significantly degraded” their functionality. We discussed the maritime cyber security best practices recommended by the Coast Guard and the robust security tools GDS integrates into its marine connectivity solutions.

The oil and gas industry faces numerous challenges, including fluctuating prices, competition from alternative resources, geopolitical instability, and environmental and safety regulations. Companies in the energy sector must be as agile and efficient as possible to respond to changing demands, maximize market share and gain competitive advantages.

Professionals from all levels of the commercial marine transportation industry, from CEOs to deckhands, gathered in St. Louis last month for the Inland Marine Expo (IMX). IMX is the annual trade show for highlighting the latest equipment, services, trends and issues that are relevant to the transportation of goods along U.S. inland and intracoastal waterways. We at GDS were excited to be a part of IMX 2019.

On July 8, the U.S. Coast Guard issued an official “Marine Safety Alert” warning operators of commercial vessels of cybersecurity risks. The alert came in response to a February 2019 incident involving a vessel bound for the Port of New York and New Jersey.

Workers in the oil and gas industry often travel long distances to inspect and maintain pipelines and equipment. Tugboat and towboat operators are constantly moving up and down inland waterways. Construction management firms must send workers from job site to job site to oversee projects.

In a 2017 report from the Project Management Institute (PMI), 14 percent of all IT projects fail. However, this metric only tells part of the story. Of the projects that didn’t fail outright, 49% were late, 43% exceeded their initial budget, and 31% didn’t meet their goals.

The success of many organizations is largely dependent on the success of their branch locations. Satellite offices, retail stores, manufacturing facilities, distribution centers, and even vessels on inland waterways need IT resources to keep up with today’s business demands.

Not that long ago, the wide-area network (WAN) was used to connect a few branch locations to headquarters and headquarters to the public Internet. Today, the WAN has become the foundation of operations in a wide range of industries.

The cyber-threat landscape is always changing and evolving. Hackers are notoriously dynamic, constantly improving their tactics and tools to bypass the latest security countermeasures. Organizations that want to minimize their exposure to cyber threats need to be be well-informed and up to date.

As of July 20, 2018, tugboat and towboat operators must comply with new Coast Guard regulations designed to improve safety. Published in the Code of Federal Regulations at 46 CFR Subchapter M, the rules require that towing vessel operators submit to an annual Coast Guard inspection or implement an approved towing safety management system (TSMS). Many operators are deploying onboard vessel management systems to help meet these requirements, but are struggling to maintain the real-time data communications needed to make the management systems work properly and ensure compliance.

There’s a reason why more than 90 percent of targeted security threats originate in email. Human beings are the weakest link in the security chain. If an email gateway is like a brick wall that surrounds the network and only lets in a small percentage of threats, a human being is often like a turnstile that only requires a gentle push to gain entry.

Experts say that a security breach is virtually inevitable — that it’s a matter of “when” not “if.” However, rapid detection and response to a security incident can greatly reduce its impact, as GDS proved recently when it stopped a ransomware attack.

Earlier this year, an attack was carried out against IT service providers. This attack was so damaging that the Department of Homeland Security and FBI Cyber Unit issued high priority alerts. It was the kind of attack that IT providers dread...and it quickly revealed who among them was prepared and who was not.

Given that time and budgets are always limited, organizations are often reluctant to upgrade IT infrastructure that seems to be working just fine. If it ain’t broke, don’t fix it. But the fact that something appears to be working isn’t enough in today’s cyber threat climate.

According to the Center for Strategic and International Studies, cybercrime costs the U.S. economy about $100 billion each year. As soon as you think you have one threat properly defended, a new, more dangerous threat emerges. This is why organizations continue to make major investments in IT security, to prevent data breaches and minimize their impact and to satisfy increasingly complex regulatory compliance requirements.