Wednesday, March 14, 2018

Prevention is your best attack

It was not until July 3 and 4, 1940, that the British detected the first signs that an invasion of the British Isles was being prepared. Despite making aerial examinations of the area looking for artillery constructions, they did not find anything remarkable, or, if they did, they did not consider it important enough to take action. It was not until September 1 that the British were able to confirm clear signs that the invasion of England was taking place.

History leaves us many lessons, and this episode leaves us a great one: early detection and a good defense strategy can save you a lot of casualties. At CIGTR, we have already talked several times about the risks and cyberattacks that the health sector faces. The latest study, named "Impacts of cyber insecurity on healthcare organizations", shows exactly what these challenges are and how companies face them, if they do. For this survey, 627 executives in the sector were interviewed. Do you want a preview? 62% admit to having suffered an attack in the last year. In many of these cases, the losses took the form of patients' personal data.

During 2017 all sectors suffered an increase in the attacks received, but an analysis of the cybersecurity landscape shows that the health sector received more than 23% of cyber attacks during the past year; in other words, the leak of more than 5 million patient records.

Health organizations are aware of this problem, and their concerns are not entirely clear. 63% of respondents are concerned about external attacks, while 64% fear the negligence of their employees or malicious people attacking the company internally.

One of the biggest concerns when an attack is received is the loss of patients' medical records, with 77% of the answers. In second place is the loss of patients' billing information, followed by the fear that login credentials will be compromised.

Among the multitude of attacks, the exploitation of software weaknesses that have existed for more than three months is the most common, at 71%, followed closely by malware attacks through the web. Although the results of this survey reflect that traditional attacks continue to be the strong point of cybercriminals, ransomware increased by 37% during 2017, which confirms the income earned by cybercriminals thanks to data retention systems.

When a cyber attack is received, most of the blame lies with the attacker, but a share of it lies with the one who does not know how to defend properly. 65% of respondents do not fully trust the medical devices they work with because those devices are not included in their security strategies. Worst of all, 31% of respondents do not plan to take the step and include them in their strategies.

Just as the lack of security in medical devices poses a threat, the employees of the organizations are the Achilles heel of security. 52% of respondents agree that the lack of awareness and training of employees affects their ability to achieve effective security. In addition, 74% indicated the lack of staff as the biggest obstacle to maintaining a fully effective security posture.

The attacks are out there, and becoming the next target is only a matter of time. Once that is accepted, it is necessary to prepare the defense and to leave so little attack surface that, if an attack is received, control is total. An incident response program, in many cases, is as effective as an attack strategy.

