When lives are at stake, enhanced cybersecurity is paramount
Peter Margaris, Head of Product Marketing November 4th, 2020
Healthcare providers, already struck by the COVID-19 pandemic, were recently put on high alert by major government agencies. Recent warnings issued by the U.S. Department of Homeland Security Cybersecurity Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services stated an imminent threat of highly sophisticated Trickbot malware and Ryuk ransomware were targeting the sector.
The healthcare sector is becoming an ever-increasing target of nefarious cybercrime offenders. These latest attacks, as well as the United Health Systems malware attack in early October, resulted in significant disruptions across 400 hospitals. They are unprecedented in magnitude for the U.S., given their timing in the heat of a contentious presidential election and the worst global pandemic in a century.
Critical targets are under siege
Organizations in the health sector and critical infrastructure have been particularly attractive targets for cybercriminals in 2020, as revealed in our 2020 Vulnerability and Threat Trends Mid-Year Report. One reason for this is that cybercriminals are aware of the importance of the work being done by health professionals to treat people during the COVID-19 pandemic and develop a vaccine as quickly as possible. They know that organizations will pay through the nose to decrypt critical data and are unsympathetic to make financial gains.
Earlier this year, the U.S., UK and Canadian security agencies circulated an astonishing joint statement.2 It alleged that the cybercriminal group known as Cozy Bear, on behalf of Russian intelligence, was on a mission to steal vaccine research from health tech firm IQVIA. It is not clear whether this was a nation-state attack or profit-driven. What matters most is that it happened and could happen again. Given this attack’s context, health organizations should have had heightened awareness that an attack such as this was bound to occur.
We have also witnessed the horrific ransomware attack that struck Dusseldorf University Hospital earlier this year, which made evident that it is not just data but also human lives at stake when it comes to effective cybersecurity. The attack shut down the entire A&E department, which led to a patient dying when moved to another facility 20 miles away.
With foundational industries at such risk, protecting against malicious activity must take priority. Yet, when under pressure, it is incredibly challenging to build an understanding of what threats might be on the horizon. Therefore, context awareness needs to be grounded in establishing the right preventative measures to mitigate future attacks.
How to establish more resilient and preventative cybersecurity measures
To address the rising volume of vulnerabilities and increasingly sophisticated hackers, it is clear that healthcare security and risk management teams need to have the full context of their attack surface to efficiently identify and remediate risks that pose the greatest threat to organizations. The only way to achieve this is to move beyond merely scanning and patching towards taking a full life-cycle unified vulnerability management approach. Here are five steps to building a more resilient cybersecurity program.
1) Evolve the Tech Stack – To maximize investments and gain the clarity to minimize and mitigate risk, security leaders must align their technology stacks to critical business outcomes and long-term value. Rather than buying more point solutions, CISOs and their respective teams must optimize and evolve investments to provide a holistic view of healthcare infrastructure. CISOs must prioritize solutions that integrate currently unstructured data to clarify critical vulnerabilities and assets to deliver insights for informed decisions when looking at technology investments.
2) Gain Full Network Visibility – Security and IT organizations need complete visibility and analytics to quickly map, validate and remediate vulnerabilities across all healthcare system networks, cloud environments and endpoints wherever they are. Not an easy task. It requires establishing a mature and tightly connected security management framework that spans planning, implementation and ongoing change management workflows.
3) Improve Discovery Capabilities – Once CISOs achieve visibility, it is crucial to add capabilities that continuously discover all vulnerabilities within security environments. A successful vulnerability management program starts with accurate vulnerability data. Active scanning is an essential component of the discovery phase but has its limits. Today’s networks are filled with blind spots that scanners simply cannot cover. However, this can be addressed by bringing together disparate data repositories, such as patch and asset management systems, configuration data, threat intelligence feeds and network security devices.
4) Prioritize Vulnerabilities Based on Exposure – If an asset isn’t exposed, is it really vulnerable? Moving towards a vulnerability management program led by an understanding of exposure starts by having comprehensive insight into the organization’s current vulnerabilities. By combining external threat intelligence and internal network intelligence (including insight into network topology and security controls), healthcare system security teams can determine how exposed the vulnerability is within a network by simulating attacks on the network model created during the initial visibility phase.
5) Focus Remediation Where It is Needed Most – With effective discovery and prioritization practices in place, organizations achieve targeted vulnerabilities that they know require their immediate attention. Top priorities are vulnerabilities that are on important assets, exposed to a threat origin and with an active exploit. At this stage, the CISO and their team have a lighter workload and can better focus remediation where it matters most.
Cyberattacks can be devastating, especially for healthcare institutions. Full recovery can take months, not to mention incurring potential fines and reputational damage. With human lives at risk, it has never been more important for critical organizations to take a more proactive approach. But if security teams are just waiting to catch malware without implementing a more holistic, unified approach, further attacks and increased human costs are inevitable.
To learn more about unified vulnerability management, visit: https://www.skyboxsecurity.com/trends-report/