October 31, 2018
5 minutes

5 Cybersecurity Keys to Protect Your Digital Assets Now

Five keys to keeping cyber attackers from finding and exploiting the chink in your cybersecurity armor.

Cyber attackers only have to find one chink in your cybersecurity armor.

With networks comprised of many different types, brands, and models of hardware, running myriad applications and software, all interconnected via wifi to the internet, can there ever be enough armor?

Attackers are betting the answer is no. And it may well feel that way when it’s your job to keep them out.

So, here are five things you can do now to stay one step ahead:

·     Take a fingerprint of all assets on your network

·     Join an ISAO for really good and continuous threat intelligence

·     Install a breach detection system

·     Add a honeypot with the ability to investigate and alert

·     Collaborate and make every person in your company a human firewall

Fingerprint Assets

“Most organizations don’t know what’s on their networks,” says Sensato CEO and cybersecurity expert John Gomez. “Attackers have a better chance of cataloging your network than you do—so we recommend that you use the same techniques to take your own inventory and get a real, intimate understanding of the assets on your network.”

That inventory should include social graphing—identifying which systems can absolutely never go down by looking at traffic patterns to determine which systems everyone relies on.

Gather and Share Intelligence

The Department of Homeland Security (DHS) encourages the development of and participation in ISAOs (Information Sharing and Analysis Organizations) so that organizations can collaboratively share and respond to cyber risks quickly.

Sensato, Beebe Healthcare, CHOA, and others felt so strongly about the lack of collaboration among cybersecurity professionals, especially in healthcare, that they formed the Medical Device Cybersecurity Task Force (MDCTF) in 2016 with a goal to move quickly and minimize bureaucracy to better address medical device cybersecurity. MDCTF has now become the Sensato-ISAO, which entered a trilateral agreement to collaborate with FDA (Food and Drug Administration) and H-ISAC (Health Information Sharing and Analysis Center).

Knowledge is power. Learn how to harness it here.

Still in the early stages, the new partnership with the FDA and H-ISAC is seeking ideas and looking toward the future. “We should be looking toward what we can share with other industries and manufacturers to improve consumer safety,” says Mike Maksymow, CIO of Beebe Healthcare. “The more we can collaborate, sharing information, best practices, and open source programs, the better we can protect our organizations, each other, and the public.”

Detect Breaches Early

We know firewalls help; but we also know that dedicated cyber criminals can and will find a way through the wall. That’s why we recommend a breach detection system that’s host and network-based so you can learn sooner rather than later about breaches, study their signatures, and shut them out from further intrusion.

“Our BDS is a telecom-grade platform, built with the prime directive that you can’t have telecom networks going down, no matter what,” says Gomez. “Integrated with intelligence feeds, we made it simple and flexible for optimal implementation.”

You can catch more attackers with a honeypot—sweet!  Learn more.

Set a Honeypot

The average attack can be completed in 14 minutes, so it’s important that your breach detection platform saves you time in detecting a breach and enabling your most effective response. That’s where honeypots shine. More than just alerting you to an intrusion, a honeypot allows you to monitor and track the attackers’ activities and gives you tools for responding to the attack.

“Attackers know they can get around firewalls and even breach detection systems,” says Gomez. “The one thing that scares them is honeypots, because they know it can be hard to spot them and once they stumble into a honeypot, they’re caught.”

Ask your cybersecurity partner if your honeypots can be connected to their ops center for best coverage and response.

Collaborate at Every Level

One of the biggest problems in cybersecurity is that it’s been chaotic and fragmented across many different entities, with individual programmers designing security software and systems essentially in a vacuum. Most solutions are trademarked and protected, with developers guarding the secrets of their programs and companies protecting their profits.

That’s not how attackers, work, though. “Attackers are a very collaborative group. You can post a question online, asking for help breaking into something, and you’ll get a bunch of really helpful responses,” says Gomez. “It doesn’t matter what their ideology is. It doesn’t matter what country they’re from. It doesn’t matter what their mission is. They will collaborate.”

That’s why Gomez and other cybersecurity experts recommend that every member of an organization be included and involved in cybersecurity efforts at some level—creating “human firewalls” who are aware of the various types of threats, know how to avoid falling into phishing and other social attacks, and how to report suspicious activity.

Learn more about the attacker’s perspective, and how to use it to gain the advantage.

Cybersecurity Awareness Month Recap - Resources and Tips
October was National Cybersecurity Awareness Month which is meant to put a spotlight and focus on cybersecurity education and taking action to protect yourself and your organization from a cyberattack. Here’s a roundup of some of the top things we shared in October.
Four New Phishing Tactics to Watch Out For
By now most healthcare organizations perform cybersecurity awareness training and their staff are on the lookout for phishing emails. Cyber attackers are getting more savvy, however and are coming up with new phishing techniques that are harder to spot. Below are some examples of these new tactics and how to spot them.
Real-time Review of Oklahoma State University Cybersecurity Breach
Healthcare organizations that are victims of a cyberattack are reported daily. Reviewing OCR findings to identify actions you can take to protect your organization from similar attacks is a good best practice. Here is a review of the OSU breach to use as an example.
No items found.