“Blurred lines” is an apt theme for 2019.
More home and work devices are becoming one and the same, tech continues migrating to the cloud, and internet-connected everything is exponentially increasing threat vectors, while healthcare CISOs are faced with defending more fronts without more resources.
This comes after a bruising year of SamSam ransomware and other attacks that cost healthcare organizations millions in ransom, downtime, and replacement expenses.
The EY Global Information Security Survey 2018-19 found that organizations are operating with limited resources for cybersecurity.
At a time when connectivity and continued proliferation of BYOD blur the lines between an individual organization and, frankly, the rest of the world, the question for healthcare CISOs and everyone else involved in protecting a healthcare organization’s digital assets is: How do we align our cybersecurity threat preparedness with the reality of our limited resources?
Below are some of the keys to organizational cybersecurity preparedness in 2019 and beyond:
Between BYOD, cloud apps, and IoT devices, there are too many fronts on which to fight. You can’t protect them all, and you can’t protect what’s most important if you don’t have a clear idea of what and where it is. Use AI assistance to “see” every asset, device, application, and person connected to your network.
Analyze traffic patterns to establish a baseline for “normal” and to help in determining which systems can absolutely, positively, never go down. And then use that information to prioritize the deployment of your limited cybersecurity resources, securing, tracking, and segmenting those assets and systems of highest priority.
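The baselining and prioritization step above can be made concrete. The following is an added example, not Sensato’s or Nightingale’s code: it builds a per-host, per-port volume baseline from a small set of constructed flow records, flags observed flows that hit a never-seen service or deviate sharply from the baseline, and then orders the alerts by an assumed criticality tier so the “can never go down” systems surface first. The host names, ports, byte counts and the `CRITICAL_ASSETS` tiers are all constructed for the example.

```python
"""Traffic baselining with priority-ranked anomaly alerts (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (not real traffic): (day, src_host, dst_port, bytes)
BASELINE_FLOWS = [
    ("d1", "pacs-01", 104, 52_000), ("d2", "pacs-01", 104, 49_500),
    ("d3", "pacs-01", 104, 51_200), ("d4", "pacs-01", 104, 50_100),
    ("d5", "pacs-01", 104, 48_900),
    ("d1", "nurse-tablet-7", 443, 1_200), ("d2", "nurse-tablet-7", 443, 1_500),
    ("d3", "nurse-tablet-7", 443, 1_300), ("d4", "nurse-tablet-7", 443, 1_400),
    ("d5", "nurse-tablet-7", 443, 1_100),
]

# Constructed observation window to score against the baseline.
OBSERVED_FLOWS = [
    ("d6", "pacs-01", 104, 50_300),          # within normal range
    ("d6", "pacs-01", 445, 8_000_000),       # service never seen before, large volume
    ("d6", "nurse-tablet-7", 443, 1_300),    # within normal range
    ("d6", "nurse-tablet-7", 443, 40_000),   # same service, far above baseline
    ("d6", "nurse-tablet-7", 22, 600),       # service never seen before
]

# Assumed criticality tiers from the asset inventory: 1 = must never go down.
CRITICAL_ASSETS = {"pacs-01": 1, "ehr-db-01": 1, "nurse-tablet-7": 3}


def build_baseline(flows):
    """Return {(host, port): (mean_bytes, stddev_bytes)} from the training window."""
    by_key = defaultdict(list)
    for _day, host, port, nbytes in flows:
        by_key[(host, port)].append(nbytes)
    return {key: (mean(vals), pstdev(vals)) for key, vals in by_key.items()}


def detect_anomalies(baseline, flows, z_threshold=3.0, min_sigma=1.0):
    """Flag flows to unseen services or with a volume z-score beyond the threshold.

    min_sigma stops a perfectly flat baseline from turning tiny changes into alerts.
    """
    alerts = []
    for day, host, port, nbytes in flows:
        key = (host, port)
        if key not in baseline:
            alerts.append({"day": day, "host": host, "port": port,
                           "bytes": nbytes, "reason": "unseen-service"})
            continue
        mu, sigma = baseline[key]
        z = (nbytes - mu) / max(sigma, min_sigma)
        if abs(z) > z_threshold:
            alerts.append({"day": day, "host": host, "port": port,
                           "bytes": nbytes, "reason": "volume-deviation", "z": round(z, 1)})
    return alerts


def rank_alerts(alerts, criticality, default_tier=5):
    """Order alerts so the most critical assets come first; unknown hosts get default_tier."""
    return sorted(alerts, key=lambda a: (criticality.get(a["host"], default_tier), a["host"], a["port"]))


def run_example():
    """Full pipeline over the constructed data; returns the ranked alert list."""
    baseline = build_baseline(BASELINE_FLOWS)
    return rank_alerts(detect_anomalies(baseline, OBSERVED_FLOWS), CRITICAL_ASSETS)


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

Real deployments would key the baseline on more than host and port (time of day, peer, protocol) and would seed `CRITICAL_ASSETS` from the asset inventory rather than a literal, but the ordering principle is the same: the alert on the tier-1 imaging system is reviewed before the two alerts on a personal tablet.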
Use ALL your people
That means every person in your organization, not just the ones in IT. Every person who interacts in and with your network should be part of a human firewall, trained in the social threats most likely to cause security breaches. “People are still the number one threat vector, and email is the most common way people are exploited by attackers,” says John Gomez, cybersecurity expert and CEO of Sensato. “Every employee should be trained in how to recognize suspicious emails and have a clear protocol for how and to whom they can report them. They will be your first and best line of defense.”
Develop your incident response plan for the realities of current-day cyber warfare.
Embrace deception (technology)
Use deception technology to catch intruders while buying some time by taking them on a wild goose chase. Most breaches are still not detected before assets are exploited. With the use of AI, attackers can get in and get what they want even faster. Deception keeps attackers busy chasing down promising-looking targets that are really just artificial traffic. As attackers follow these false leads, it triggers an alert and your team can go into action.
Develop trust issues
Even in hospitals that prohibit BYOD, most physicians and nurses admit to using personal devices at work. Instead of trying to enforce abstinence, use prophylactic measures like multi-factor authentication, biometrics, segmentation, and microsegmentation to proactively help engineer risk out of your network.
Integrate, integrate, integrate
Integrating all your security apps, devices, threat intelligence, threat analytics, and automated security tasks into a single platform allows for a quick, coordinated, and agile response to suspicious network activity. In a Ponemon Institute survey, 71 percent of respondents said it’s difficult to prioritize threat intelligence without an integrated platform, due to the sheer volume. An integrated security platform gives full visibility from a single console into the network, alerts, threat intelligence, and threat levels.
AI and machine learning can not only aid in identifying and analyzing new threats, but also generate algorithms and automated responses to protect network assets. “In cybersecurity, we want to get into the minds of the attackers, understand their motives, and anticipate their tactics,” says Gomez. “AI and machine learning take our ability to do that to the next level by exponentially speeding up the threat analysis, mitigation, and response processes.”
Fending off cyberattackers in 2019 and beyond will require an integrated, unified approach with a partner that sees cybersecurity as a life-and-death proposition.
Sensato Nightingale is an agile, telecom-grade, unified threat management platform that helps you keep up with threat intelligence and defense in the emerging threat landscape:
· Deception technology—Sensato’s Nightingale started out as a BDA solution, designed to detect a breach as quickly as possible; now it can keep attackers busy while giving you time to analyze and respond.
· Continuous threat intelligence—A stream of threat intelligence from a variety of sources, including open source intelligence from government defense agencies.
· Network intrusion detection—This is a given, but the NIDS is one piece of a UTM that simply cannot fail.
· Asset management—A complete accounting of all assets, similar to how attackers scan and inventory a system they’ve breached, along with a social graphing model to determine and locate an organization’s most important assets—those systems that can absolutely never go down.
· INFOCON protocols—INFOCON protocols allow you to move your entire organization to a higher defensive posture with a single command. Much like the protocols practiced in hospital trauma centers every day, these standing orders trigger action informed by training and preparation.
· Unified dashboard—With the entire cybersecurity operation consolidated into a single feed, IT security professionals can see the current risk level, receive alerts, launch response protocols in the event of a breach, run forensics on the breach, and shut it down.
· Journaling—In the midst of an attack, it can be difficult to document every action taken to protect assets; an automatic, time-stamped journal allows for future review and auditing.
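A journal that is meant to survive review and auditing needs to show not only when each action was taken but also that no entry was altered or dropped afterwards. The following is an added example, not Nightingale’s journaling feature: each entry carries a time stamp and the SHA-256 digest of the previous entry, so any edit or deletion breaks the chain and `verify()` reports the first entry that no longer checks out. The actors, actions and the injectable clock are constructed for the example.

```python
"""Hash-chained, time-stamped incident journal (added example)."""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev-digest value for the first entry


class IncidentJournal:
    def __init__(self, clock=None):
        # clock is injectable so tests can use fixed, constructed timestamps.
        self.entries = []
        self._clock = clock or (lambda: datetime.now(timezone.utc).isoformat())

    @staticmethod
    def _digest(entry_without_digest):
        canonical = json.dumps(entry_without_digest, sort_keys=True).encode()
        return hashlib.sha256(canonical).hexdigest()

    def record(self, actor, action, detail=""):
        """Append an entry chained to the previous one; returns its digest."""
        prev = self.entries[-1]["digest"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "ts": self._clock(), "actor": actor,
                 "action": action, "detail": detail, "prev": prev}
        entry["digest"] = self._digest(entry)  # digest covers every field above
        self.entries.append(entry)
        return entry["digest"]

    def verify(self):
        """Walk the chain. Returns (True, count) or (False, index_of_first_bad_entry)."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry["seq"] != i or entry["prev"] != prev:
                return False, i
            unsigned = {k: v for k, v in entry.items() if k != "digest"}
            if self._digest(unsigned) != entry["digest"]:
                return False, i
            prev = entry["digest"]
        return True, len(self.entries)


def demo():
    """Record a short constructed response timeline, then tamper with one entry."""
    times = iter(["2019-01-10T14:02:11+00:00", "2019-01-10T14:05:40+00:00",
                  "2019-01-10T14:09:03+00:00"])
    journal = IncidentJournal(clock=lambda: next(times))
    journal.record("soc-analyst-1", "isolate-host", "quarantined imaging workstation")
    journal.record("soc-analyst-1", "reset-credentials", "service account rotated")
    journal.record("ciso", "declare-infocon", "raised to INFOCON 2")
    ok_before, _ = journal.verify()
    # Simulate an after-the-fact edit of the second entry.
    journal.entries[1]["detail"] = "no action taken"
    ok_after, bad_index = journal.verify()
    return ok_before, ok_after, bad_index


if __name__ == "__main__":
    print(demo())  # (True, False, 1)
```

The chain only proves integrity relative to its last digest; to detect truncation of the tail, that final digest should be copied somewhere the journal writer cannot modify, such as a ticket in the case-management system or a write-once log store.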
· Reminders—Keeping track of everything you need to do to stay in compliance with government regulations and maintain public policy compliance as part of the natural workflow.
· Forensic analytics—Quickly see where an attack is occurring, the timeline of an attack, and the history of an attack so you can respond in real-time and perform a full analysis later to address system vulnerabilities.