Menlo Security Cloud Security Platform is FedRAMP® Authorized
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Menlo Security | Nov 06, 2019
Share this article
It started as a phishing expedition and ended up being the largest data breach in the history of Singapore. It was June 2018. The FIFA World Cup was in full swing, Jurassic World hit theaters worldwide, and a low-level administrator with SingHealth, the country’s largest healthcare network, clicked on a seemingly innocent link in an email.
Unbeknownst to the user and the organization’s cybersecurity team, the link installed custom malware on the user’s computer, which gave attackers access to the SingHealth system. After several months, the attackers started distributing malware and stealing credentials, including those that gave them access to the electronic medical record (EMR) database where they were able to steal the personal data of more than 1.5 million patients—even prescription data for the prime minister. Throughout the attack, the attackers avoided secondary targets that could have given them away, and they destroyed evidence of their presence. The breach wasn’t discovered until months later, and by then, it was too late.
To its credit, SingHealth worked with the government’s cybersecurity agency to investigate who committed the largest breach in the nation’s history and how the attackers were able to circumvent the organization’s defenses. A Committee of Inquiry (COI) released a report in January 2019 that outlined 16 recommendations that SingHealth and other organizations can put into practice to mitigate future attacks. Five of the recommendations can be implemented with Internet isolation technology.
1. Staff awareness of cybersecurity must be improved to better prevent, detect, and respond to security incidents.
Given the severity of the SingHealth data breach and the effectiveness of Internet isolation in preventing phishing attacks, it’s likely that other federal governments will consider adopting similar recommendations. In the interest of protecting the privacy of their citizens, it’s even likely that the recommendations will become regulatory requirements.
Posted by Menlo Security on Nov 06, 2019
Tagged with Isolation
Protecting the Remote Workforce
To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.